Insta-Banned: Ticker Exposes Breeches—License Yanked

Usually, when you are a gigantic computing firm, one would assume that their prime goal would be to protect the inner interests of their platforms, which normally comes in the form of bug detection.  The latest form of attempting to shoot a distress signal towards Apple,Inc. was shattered when white-hat hacker and former National Security Agency researcher Charlie Miller was given the app developer ‘boot’ for exposing a potential security breech in application protocols for disguising a malware bug in a stock ticker called InstaStock; this malware was intended to expose the fact that not all programs correctly collect the proper security key from Apple’s website when an app is developed and placed onto an iPhone.

Helping or Hacking?

This attempt to awaken the digital giants was easily done by passing this fake stock ticker through app approval, then once placed on the respective device, would download contacts to a computer, launch a random YouTube video, or cause a vibration to occur in the phone; since all of these are supposed to be forbidden acts, Apple found this to breech their app development ‘bi-laws’ and yanked his developer license from him.  So much for a thank you, or even compensation, for this potential major security threat.

Miller has been exposing the flaws of Apple for quite some time now.  In the span of nearly 4 years, Miller has exposed approximately 10 known flaws in Apple gadgetry, such as a hack that would demolish Apple laptop batteries, potentially setting the laptop on fire or infecting the machine with malware meant to freeze the OS to the point of reinstall.  Also, an iPhone text messaging hack was discovered by Miller that would allow the assailant to take control of the telephone through a blast of texts.  Up to that point, it had appeared Apple was singing the praises of the ‘Robin Hood’ of hackers; however this newly discovered attempt to make the tech kings privy to possible OS flaws was too far.

What Will Apple Tolerate?

In the world of computing, what is really considered to be ‘too far’? There are hundreds of people hired by corporations to purposely break into their security to expose potential flaws, and if a company like Apple simply balks when an attack on their precious operating system occurs, it could possibly wake consumers to the values they possess, and who’s best interests are really at heart.  In reference to this incident, Miller had contacted Apple on numerous occasions to explain the flaw that was found, but apparently they showed no interest in correction, hence the stock ticker app was needed to send some sort of signal to users and the company.  While blaming Miller would seemingly be a prudent move for the computing firm, it actually sends the message that ‘flaws are ok, as long as you buy our products’, which could very well customers crawling back to the safer Android platform.

No matter what angle you look at this episode—in terms of violator or an app developer’s savior—Miller has genuinely awaken the engineers at Apple in one way or another, even if it’s just to peek at current OS flaws and developing a patch to send to iPhone users.  While perhaps Miller could have been slightly more forthcoming with his attempts to make Apple privy to their platform flop, he martyrized himself by knowingly allowing Apple to discover this error, and allow revocation of his developer license.  Currently a research consultant with Accuvant, Miller makes the chilling remark that “until the flaw is fixed, you cannot trust the AppStore”. Albeit true or fictitious, the exposure of this flaw should open the eyes of OS developers worldwide to security threats and points of entry for those attacks.