Apple bans researcher for making security loopholes public
Apple platforms have mostly been less susceptible to security breaches, and are more trusted. That good name may now be tarnished by a recent stunt that uncovered a flaw in the system allowing a virus-loaded app to pass approval, and that was made public to show that the vulnerability is real. Instead of acknowledging the issue, Apple's first priority was to remove the app and kick the researcher out of its developer program.
The security of Apple's approval system for third-party apps was publicly called into question recently when a stock-tracking app, InstaStock, written by security researcher Charlie Miller, was discovered to have used a security loophole to demonstrate a weakness in Apple's iOS. While harmless by itself, the app installs malware that it obtains when the user is connected to the Internet, giving the ability to manipulate sensitive information on the device as well as to push bogus notifications.
While the app had been live since September, it was quickly removed once the loophole it was using was discovered. The creators of iOS were also swift to show their unhappiness by revoking Miller's developer license.
“Now you could have a program in the App Store like Angry Birds that can run new code on your phone that Apple never had a chance to check,” Miller says. “With this bug, you can’t be assured of anything you download from the App Store behaving nicely.”
Miller was apparently unhappy with Apple's decision to punish him, as he tweeted: “First they give researchers access to developer programs; (although I paid for mine) then they kick them… for doing research. Me angry.”
He has reason to be upset, as he intended to reveal the security flaw at the SyScan conference in Taiwan, scheduled for 17 November. Like it or not, Miller has successfully put a dent in Apple's reputation for creating a well-protected platform, and while this may not balance out the mobile security playing field, it has done enough to show that a lapse in vigilance can exist anywhere.