Charlie Miller, hacker, explains iPhone's Safari vulnerability
SiliconValley.com has published a short interview with Charlie Miller, a veteran hacker at Independent Security Evaluators, who exploited a bug in the Safari browser in order to take control of an iPhone.
Apple were forced to release a patch in good time, thanks to his promise to reveal the details and method of the hack at the Black Hat conference in Las Vegas.
Miller believes in responsible hacking: alerting a company to a flaw in its product, but also forcing that company to work quickly to release a patch.
I sent Apple an e-mail. They have a particular address that you're supposed to use to report a bug. I sent them all of our technical details. I sent them a patch they could use to fix it. I was already scheduled to talk (on Aug. 2) about the Mac OS at the Black Hat conference in Las Vegas. I also told them that I was going to talk about the iPhone bug and release the details on that day. I said please have a patch ready before then. I said I would like to work with you on this. That was it. They had two to three weeks to work on it. They got it done a couple of days before the conference. They did ask me to postpone. I told them sorry, I couldn't move the time of the talk.
Part of the reason the hack, which a rogue website could exploit to take control of the iPhone and send personal data to a third party, was relatively easy to perform is that the iPhone runs a near-identical operating system to the one on Macs.
In theory, it's not a bad idea (that) it uses the same operating system. It is tested and runs well. But for me, it was easier than attacking another phone because I already knew the Mac.
Miller criticised Apple for not updating some open source software used in Safari, even though the original developers had issued a security patch over a year ago.