Just a few hours after it became public the security researcher Charlie Miller had inserted a proof-of-concept app into the Apple App Store to demonstrate a serious vulnerability in iOS, Apple informed Miller that it was removing him from its developer program.

Miller had created the app, which is a real-time stock ticker, a couple of months ago as a way to demonstrate an exploit for an iOS vulnerability he found that enabled him to load unsigned code onto a an iOS device. He submitted the app to the Apple iTunes App Store and it eventually was approved and appeared in the store in mid-September. Miller used the app to demonstrate the exploit in a video he created, but other people had also downloaded it.

The app was designed to connect to Miller’s Web server on installation and check for new content, but he only placed the file with the exploit code in it on the server when he was performing a demo, so no users who downloaded the app would’ve been subject to the exploit. However, Apple didn’t take kindly to Miller’s research methods and sent him a letter on Monday informing him that the company was removing him from its developer program.

“Apple just kicked me out of the iOS Developer Program. That’s so rude!” Miller said in a message on Twitter Monday evening. “First they give researcher’s access to developer programs, (although I paid for mine) then they kick them out.. for doing research.”

Miller informed Apple of the iOS vulnerability on Oct. 14 and he said in an interview that he expected the company to produce a patch for it fairly quickly, given the seriousness of the flaw.

“They don’t like this stuff where they lose control of the platform. It’s serious stuff for them,”said Miller, who is a principal research consultant at Accuvant.

Miller said that the letter from Apple says that he has been removed from the developer program for a year.

Categories: Apple, Hacks, Mobile Security, Vulnerabilities

Comments (5)

  1. Anonymous
    1

    That’s real cute Apple kick the guy out who told you about a serious hole. They should have kept this guy around because he found a hole like that. Apple showed they are more worried about the brand than customers security. 

     

    Thanks Apple for making my mind up

  2. Anonymous
    3

    What he has found is APPLES way of exploiting information held on our phones and thats why they got pissed off. Well done for finding the vulnerability. Up yours Apple. Get it fixed!!

  3. Stevan
    4

    Seriously?  You think Miller acted responsibly?  He developed his app & got it approved for the app store by mid-September, knowing the flaw was there & allowing people to download it.  Miller finally informed Apple of the flaw on Oct 14.

    If it was me, I would ban this clown for a few years.

     

  4. Anonymous
    5

    I’d expect get kicked out too if I knowingly put malware on the app store.  Least he could have done was remove it as soon as it got approved.  He also went public with it before the patch was released.  Probably not the smartest move either.  Sounds to me like he got complacent because he thought he had such a good relationship with apple that he was exempt from the rules.  He only has himself to blame.

Comments are closed.