The 2012 Pwnie Nominee For Best Client-Side Bug

iOS Code Signing Bypass (CVE 2011-3442)

Credit: Charlie Miller

Hackers are always looking for interesting ways around “the system”, whichever one that may be. In this case, Charlie Miller hatched this get-rich-quick idea:

  1. Write a stock quote app for iOS and put it on the AppStore
  2. Discover a code signing bypass that allows third-party apps to dynamically download and execute code and use this in his rogue app
  3. Entice himself to download the app
  4. Download and inject code into the app to spy on the list of stocks that he was using the app to get quotes for
  5. Make lucrative trades based on this valuable information

Unfortunately, before Charlie could profit sufficiently from this information, he talked to the press about his ingenious plot. Apple subsequently pulled his app from the AppStore and from his own iPhone that had installed it (the only user of the app), and banned Charlie from the iOS Developer Program for one year. By doing this, Apple kept Charlie safe from himself for the entire next year.