Black Hat 2007: The Big iPhone Hack Explained

The big iPhone hack has now been publicly presented. Too bad for the bad guys that Apple already patched by the bug, or have they? Charlie Miller, a researcher with Independent Security Evaluators, took the stage at Black Hat Thursday and explained explained in line-by-line detail how he exploited the iPhone and why the Mac […]

The big iPhone hack has now been publicly presented. Too bad for the bad guys that Apple already patched by the bug, or have they?

Charlie Miller, a researcher with Independent Security Evaluators, took the stage at Black Hat Thursday and explained explained in line-by-line detail how he exploited the iPhone and why the Mac Operating system that powers the iPhone is easy to attack.

Though speaking at Black Hat Miller noted that he told Apple about the exploit early on.

"I gave them the exploit before anyone else, I gave them the content of the talk and I gave them a patch too," Miller told the audience. "I told them to have the patch out by august 2nd when I was giving the talk, they needed to do it and they decided to do it."

Miller had originally been scheduled to talk about security in Apple's "Leopard" OS for the Mac, but ended up shifting to the iPhone for a number of reasons. For one thing, the fact that Leopard's release has been delayed by Apple. Fundamentally though, Miller argued that the iPhone is just using a stripped down version of the Mac OS so his general line of reasoning still made sense.

"There is a prevailing belief is that Apple is more secure than Windows," Miller said.

But in his view, that belief is misplaced. He said the same reasons why Macs are cool are the same reasons why they are so easy to hack.

"Macs are easy to hack because they are easy to use," Miller said. "To enable them to be friendly they have a lot of setuid root programs."

Full Article

Black Hat 2007, BlackHat 2007, Apple, iPhone, iPhone Hack, Hack, Hacker, Hacking, iPhone Hacking, iPhone Hacker, Mac OS X, Security conference, Events, Conferences