[Infowarrior] - Apple Exiles A Security Researcher From Its Developer Program For Proof-of-Concept Exploit App

Richard Forno rforno at infowarrior.org
Tue Nov 8 08:11:20 CST 2011


11/07/2011 @ 8:15PM

Apple Exiles A Security Researcher From Its Developer Program For Proof-of-Concept Exploit App

http://www.forbes.com/sites/andygreenberg/2011/11/07/apple-exiles-a-security-researcher-from-its-developer-program-for-proof-of-concept-exploit-app/

Apple just sent a clear message to malicious hackers and security researchers alike: Keep your hands off the App Store.

Just hours after security researcher Charlie Miller told me about a new, potentially dangerous bug he’d found in Apple’s iOS operating system that allows unapproved code to be run on iPads and iPhones, he received an email from Apple, nixing his license as an Apple developer.

“This letter serves as notice of termination of the iOS Developer Program License Agreement…between you and Apple,” the email read. “Effective immediately.”

Miller had, admittedly, created a proof-of-concept application to demonstrate his security exploit, and even gotten Apple to approve it for distribution in Apple’s App Store by hiding it inside a fake stock ticker program, a trick that Apple wrote violated the developer agreement, which forbids him to “hide, misrepresent or obscure” any part of his app. But the researcher for the security consultancy Accuvant argues that he was only trying to demonstrate a serious security issue with a harmless demo, and that revoking his developer rights is “heavy-handed” and counterproductive. “I’m mad,” he says. “I report bugs to them all the time. Being part of the developer program helps me do that. They’re hurting themselves, and making my life harder.”

Apple didn’t immediately respond to my request for comment.

Miller has found and reported dozens of bugs to Apple in the last few years, and had alerted Apple to this latest flaw on October 14th.

The move to remove his license goes against Apple’s seeming attempts to match Google’s and Microsoft’s cozier relations with the security research community. In February, Apple invited security researchers to become part of its developer program to test its Lion operating system. Miller says he had already paid for his own developer license. “They went out of their way to let researchers in, and now they’re kicking me out for doing research,” Miller says. “I didn’t have to report this bug. Some bad guy could have found it instead and developed real malware.”

Apple was less harsh towards another recent iPhone hacker: 19-year-old Nicholas Allegra, also known as Comex, was hired by Apple as an intern in August after repeatedly inventing new techniques of breaking the iPhone’s and iPad’s security measures.

Miller chalks up the difference to Apple’s new management. “I miss Steve Jobs,” he says. “He never kicked me out of anything.”

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
