You’d think computer companies would learn, wouldn’t you? When someone points out a problem with your code, hardware or processes, you should thank them, embrace them – heck, employ them if you can. Apple, however, have failed dismally in their response to Charlie Miller’s assistance in highlighting the problems in the App Store security process.
I mean, there are two types of people out there who do this sort of hacking – white hat guys like Charlie Miller who will demonstrate the vulnerabilities, publish proofs of concept and let the company know. Of course it can be slightly embarrassing sometimes when you’ve dropped a bit of a clanger, but there is an upside.
The upside is that the other type of people don’t get the chance to figure it out – the Bulgarian uber hacker working underground for a Russian or Brazilian cyber criminal gang who exploit the hole after they’ve found it.
So what did Charlie Miller actually do?
Well, it’s probably best to let the author demonstrate – make sure you watch it until the end to see the full extent of what this hack is capable of!
Pretty incredible heh!! The potential of this in the hands of the bad guys is probably what scared Apple and made them act like a spoilt brat by kicking Charlie Miller off the iOS developer program. White hat hackers as talented as this guy should be treated a bit better even if he did perhaps break a few little terms and conditions to illustrate the vulnerability.
I haven’t thought about the criminal possibilities of this but I am sure there are many beyond downloading everyone’s address book. I confess I’m still stuck on the prank possibilities of having every iPhone on the planet vibrate at exactly the same time. Pointless but fun and pandering to my inner megalomania without causing any real harm! If only I was as clever as Charlie Miller!!
Hopefully the kicking Apple is currently getting in the online media for their reaction will make them think again. Perhaps in some high up meeting somewhere in Apple Towers it will occur to someone that they should be actually thanking this guy. Otherwise they should get worried if he starts taking long holidays in Moscow next year.