Apple Sanctions Researcher Charlie Miller for Exploit

Wednesday, November 09, 2011



Dr. Charlie Miller, principal research consultant for Accuvant LABS and four time Pwn2Own winner, has been abruptly dismissed from the Apple iOS Developer Program after revealing a vulnerability in Apple's security protocols.

Miller, who has probably done more to further Apple product security over the years than any other independent researcher, "planted a sleeper app in Apple’s App Store to demonstrate the trick–an app can phone home to a remote computer that downloads new unapproved commands onto the device and executes them at will, including stealing the user’s photos, reading contacts, making the phone vibrate or play sounds, or otherwise repurposing normal iOS app functions for malicious ends," according to Forbes.

Apple then extended Miller a backhanded 'thank you' for exposing the security flaw by kicking him out of the Developer Program, a move that ultimately inhibits his ability to conduct critical research.

Miller tweeted that he had informed Apple of the project three weeks prior.


“I’m mad … I report bugs to them all the time. Being part of the developer program helps me do that. They’re hurting themselves, and making my life harder,” said Miller.

Miller is highly respected for his research, and his professional experience is in the field of computer attack methodology includes identifying vulnerabilities in software and the crafting of exploits. Miller is the author of two books, "Fuzzing for Software Security Testing and Quality Assurance" and the "Mac Hacker's Handbook".

Miller spent five years as a Global Network Exploitation Analyst for the National Security Agency, has a Ph.D. from the University of Notre Dame, is a Red Hat Certified Engineer (RHCE), a GIAC Certified Forensics Analyst (GCFA), and holds a CISSP certification.

Miller is also unrivaled as a four-time Pwn2Own content winner (2008-2011) where he has successfully hacked the Mac OS X using various Safari exploits, and this year he won the iPhone hacking competition.

Miller has produced a video of the code-signing exploit which can be found here:

Miller also demonstrated battery firmware hacking methodology at the recent Hacker Halted conference in Miami - a video interview with Infosec Island examining the attack can be found here:

Also available is a print interview Infosec Island conducted with Miller earlier this year where he discussed the evolution of Apple's OS security features:

Possibly Related Articles:
Apple iPhone malware Application Security Mobile Devices iOS Charlie Miller OS X Lion
Post Rating I Like this!
James Anderson The guy is great at finding and exploiting bugs, but that gives him a right to release an exploit into the wild with no warning or communication with Apple? I don't think so. He knew the rules. Maybe he should grow up and take the medicine he knew would be coming. Maybe if he called Apple and sincerely apologized and tried to work it out instead of crying across the net – things might go back to normal.
Terry Perkins I can see why James thought he hadn't notified Apple prior to planting the app. The article isn't clear on that.
Dan Dieterle Seems to be the double edge sword that many security researchers are running into. They don't know if they will be financially rewarded for reporting a vulnerability, rebuked or even sued!

A lot of them are just moving on when they stumble onto a vulnerable system and not saying anything.
Terry Perkins That is just sad...... If he notified Apple prior to planting the app, he should be rewarded not rebuked.
Dan Dieterle Absolutely Terry, I am sure he will think twice before helping Apple again.
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.