iPhone bug could let hackers steal photos, contacts and send texts according to a researcher

(CNN) -- A bug in Apple's mobile operating system allows hackers to take control of iPhone and iPad apps, using them to steal people's photos, contacts and even send text messages without the device's user knowing about it, according to a notable computer security researcher.

Charlie Miller, a researcher at Accuvant and one of the world's best-known Apple hackers, said Tuesday that the bug proves the Apple App Store isn't as safe as advertised.

"Until now, you could just blindly trust and download as many apps as you wanted and not worry about it," Miller said in an interview with CNN. "But until they fix this, you really should think twice about any apps you're downloading, because they could be malicious."

Miller said he alerted Apple to the bug three weeks ago and the company told him a fix was in the works. Apple did not respond to CNN's request for comment on the apparent security flaw, which Miller explains in detail on YouTube.

He plans to show people how the bug works at an upcoming computer security conference in Taiwan, called SyScan. To date, he has not released details that would allow hackers to take advantage of the apparent security flaw, and he said he has no evidence that hackers have used the hole to manipulate iPhones and iPads.

Miller says he has exposed the bug to prevent a hacker with bad intentions from taking advantage of iPhone and iPad owners.

As thanks for that work, he said, Apple banned him from the iOS developer program for a year.

"I think it's pretty rude," he said. "If you think about what I'm doing -- I'm pointing out a flaw that would affect everybody and that the bad guys could use to install malware (malicious software). And they're not paying me, I'm just doing it to be nice."

If hackers found the security flaw, he said, any iOS app could be compromised in a way that malicious code could be installed through the app and onto the device.

"It could grab your address book and ship it off to the bad guy," he said. "It could grab all your photos and ship them off to a bad guy."

That's a big deal for Apple's App Store, he said, since until now, that online marketplace for iPhone and iPad programs had been free of malicious software. Apple checks each app before it's approved for sale at the App Store, which allows the company to keep bugs out.

This hack could take advantage of a flaw in that checking system to compromise any app, Miller said. He said that essentially reduces the App Store's security to that of the Google Android Market, since Google doesn't screen apps in the way Apple does.

But overall, the App Store is still safer than the Android Market, Miller said.

"It's totally just a blip," he said of the security hole. "I'm very happy with the way (Apple has) designed the system to prevent malware. It's really the ideal situation."

He added: "It's a very safe environment except for this. It just shows that you've never completely safe."

™ & © 2011 Cable News Network, Inc., a Time Warner Company. All rights reserved.

Print this article Back to Top