iPhone hacker provides interesting insights
In a San Jose Mercury News interview, Charlie Miller, who created an exploit that essentially took over the iPhone, offers some interesting insights into hacking and into how Apple operates. More importantly, the interview points to two weaknesses: an unpatched flaw in an open-source library bundled with Safari, which the iPhone shares with Mac OS X, and a design decision on the iPhone that turns any Safari compromise into control of the whole device.
On disclosing a flaw once you've found it:
Q. You err toward responsible disclosure on hacking instead of immediate and full disclosure?
A. Yeah. What we did was ideal. The weakest link in responsible disclosure is you give the company the information. They have the option to sit on it for a very long time. During that time, of course, everyone is at risk. By giving them a deadline, we forced them to act a lot faster than they would have liked to. That is good for the users...
On Safari and Mac OS X:
Q. Can you describe the steps involved (in the hack)?
A. A program that is well designed should be able to handle any inputs that come into it... With this Safari Web browser program, if you sent it invalid inputs, it didn't reject it... It wound up crashing and falling all over itself. The result is that by carefully choosing input, you can actually take control of the whole process. That's exactly what we did.
Q. You could pretend to direct people to a Web site where you could take control of the iPhone?
A. Right. So what we did with this hack was if you went to a Web site with this bad data it couldn't handle, the bad data would go into the phone. It would grab a bunch of files with your call history, your voice mail, your text messages, your e-mails, and take all of that information. It would make a second connection and pass all of that information out to us.
Q. You had a big head start on exploiting this vulnerability because it was the same thing that was flawed in the Mac OS and Safari Web browser for the Mac?
A. Right. In theory, it's not a bad idea (that) it uses the same operating system. It is tested and runs well. But for me, it was easier than attacking another phone because I already knew the Mac.
Q. How old is that vulnerability? Is it something Apple knew but neglected to fix?
A. I don't know what Apple knew. They had code from an open-source library that they hadn't updated. The open-source library people had updated a year ago. I can't speculate on why Apple didn't update it. The fact is they should have and if they had, this wouldn't have happened.
On an intrinsic iPhone design flaw:
Q. What is your prediction for future iPhone hacks?
A. I think there will be more. I like to say there are two problems. One was the vulnerability we found. Another was a deeper issue with the way they designed the iPhone. Any problem you find in Safari leads to a full iPhone compromise. Safari should not be able to dial the phone or read e-mails.
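The pattern Miller describes above, a parser that trusts what the input says about itself instead of rejecting it, is the root of most memory-corruption exploits. The following C program is an added example written for this page, not code from the interview, from Apple, or from the library Miller refers to. It parses a hypothetical record format (constructed here: one length byte followed by that many payload bytes) two ways: a vulnerable version that copies the declared length into a fixed 16-byte stack buffer without checking it, and a hardened version that rejects a record whose declared length exceeds either the buffer or the data actually supplied.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record format, constructed for this example only:
 *   byte 0     : declared payload length N
 *   bytes 1..N : payload
 * Both parsers copy the payload into a 16-byte buffer. */
#define PAYLOAD_MAX 16

/* Vulnerable parser: trusts the attacker-controlled length byte.
 * If N > 16 the memcpy overruns buf on the stack; if N+1 > rec_len it reads
 * past the end of the input. Either is the "falling all over itself" crash
 * that, with carefully chosen input, becomes control of the process.
 * It is here to show the missing checks; do not call it with bad input. */
int parse_record_vulnerable(const uint8_t *rec, size_t rec_len, uint8_t *out)
{
    uint8_t buf[PAYLOAD_MAX];
    size_t n = rec[0];              /* attacker-controlled, never validated */
    (void)rec_len;                  /* the real input length is ignored */
    memcpy(buf, rec + 1, n);        /* stack overflow when n > sizeof buf */
    memcpy(out, buf, PAYLOAD_MAX);
    return (int)n;
}

/* Hardened parser: every value derived from the input is checked against
 * the buffers it will touch before any copy happens. Returns the payload
 * length on success, -1 on malformed input. */
int parse_record_checked(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_len)
{
    if (rec == NULL || out == NULL || rec_len < 1)
        return -1;                  /* no room even for the length byte */
    size_t n = rec[0];
    if (n > PAYLOAD_MAX)
        return -1;                  /* declared length exceeds our buffer */
    if (n + 1 > rec_len)
        return -1;                  /* declared length exceeds data supplied */
    if (n > out_len)
        return -1;                  /* caller's buffer too small */
    memcpy(out, rec + 1, n);
    return (int)n;
}

int main(void)
{
    /* Constructed inputs: one well-formed record, one that lies about
     * its length (declares 200 bytes, supplies 1), one that is truncated. */
    const uint8_t good[]  = {4, 'a', 'b', 'c', 'd'};
    const uint8_t lying[] = {200, 'x'};
    const uint8_t trunc[] = {5, 'a', 'b'};
    uint8_t out[PAYLOAD_MAX];

    printf("good  -> %d\n", parse_record_checked(good,  sizeof good,  out, sizeof out));
    printf("lying -> %d\n", parse_record_checked(lying, sizeof lying, out, sizeof out));
    printf("trunc -> %d\n", parse_record_checked(trunc, sizeof trunc, out, sizeof out));
    /* parse_record_vulnerable(lying, ...) would overrun the stack; not run here. */
    return 0;
}
```

The hardened version only closes the first of Miller's two problems. His second point still stands even for a correct parser: the process doing the parsing should not hold the privileges to dial the phone or read mail, so that a bug that does slip through is contained rather than becoming a full device compromise.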
All in all, a bit worrisome, both for iPhone and Mac users.
Tuesday, August 21, 2007