Security researcher Charlie Miller has reportedly been blacklisted by Apple after he disclosed a potential vulnerability in the computer giant's mobile software.
Apple software is often heralded for tight data security restrictions, as the company's rigorous approval process makes it difficult for vulnerabilities to slip through the cracks. The process, however, isn't bulletproof. According to technology news provider Gizmag, Miller created an app that could take control of and steal data from iOS devices, like the iPhone and iPad. He then managed to get the app approved for distribution through the App Store.
Gizmag reported that Miller's app was disguised as a stock market tracker. It includes no "overtly malignant code," but once installed on a device, it is capable of downloading code from a remote server. The app is designed to download code only on its first use, suggesting that there are limitations to the app's capabilities. However, Miller was still able to control an iOS device via the remote server.
In November, Miller received an email from Apple, informing him that he had violated his iOS Developer Program License Agreement, which was subsequently terminated. According to Gizmag, the email was sent hours after Miller publicly disclosed his findings, but three weeks after he had reported the issue to Apple.
Though Miller's app may be more complicated than most malware out there, it does highlight the growing need to protect mobile devices from threats such as these. Once assumed to be safe from cyberthreats, smartphones, tablets and other mobile devices have seen a spike in malware activity in recent months.
A recent Reuters report focused on the mobile threat, noting that hackers and other cybercriminals have turned their attention to this segment. Mobile devices are now being used for nearly all activities once conducted almost exclusively on PCs, including online shopping and banking. Recognizing a potentially lucrative opportunity, cybercriminals are targeting smartphones and tablets in order to exploit unsuspecting users.
"Mobile security has become a major concern since smartphone transactions are now of much higher value, including corporate data access, managing personal finances and online purchases," Steven Nathasingh of research firm Vaxa told Reuters.
Citing figures from Juniper Research, Reuters pointed out that fewer than 5 percent of smartphone owners have actually installed antivirus and security software onto their devices, though the market for mobile security is expected to skyrocket in the coming years.
When it comes to mobile security, Google's Android tends to receive the bulk of the criticism, as the platform's somewhat lax app approval process has made it a new favorite target for cybercriminals. However, as Miller has demonstrated, iOS and other platforms are at risk as well.
Furthermore, Miller's app exemplifies a point highlighted in Trend Micro's 12 Security Predictions for 2012 report – security vulnerabilities will be found in seemingly legitimate mobile apps. Such a development could be especially dangerous, as it will make it easier for cybercriminals to extract information from mobile device users.
"To date, mobile platform threats come in the form of malicious apps. Moving forward, we expect cybercriminals to go after legitimate apps as well. They will likely find either vulnerabilities or coding errors that can lead to user data theft or exposure," the report stated.
For businesses especially, this news could be worrisome, as consumerization and bring-your-own-device policies are becoming increasingly common in the enterprise. Incidents directly related to this development will undoubtedly occur within the next few years. As a result, it is crucial that IT administrators do what they can to mitigate the threats by establishing mobile policies and implementing security measures, such as remote lock and data wiping.
Consumerization News from SimplySecurity.com by Trend Micro