Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

How The iPhone Was Cracked

From: "Dave Farber" <dave () farber net>
Date: Mon, 6 Aug 2007 13:09:41 +0900


-----Original Message-----
From: dewayne-net [mailto:dewayne-net () warpspeed com] On Behalf Of Dewayne
Hendricks
Sent: Monday, August 06, 2007 12:03 PM
To: Dewayne-Net Technology List
Subject: [Dewayne-Net] How The iPhone Was Cracked

[Note:  This item comes from friend Janos Gereben.  DLH]

August 3, 2007
How The iPhone Was Cracked
By Sean Michael Kerner

<http://www.internetnews.com/security/article.php/3692486>

LAS VEGAS -- The big iPhone hack has now been publicly presented. Too  
bad for the bad guys that Apple already patched the bug. Or have they?

Charlie Miller, a researcher with Independent Security Evaluators,  
took the stage at Black Hat Thursday and explained in line-by-line  
detail how he exploited the iPhone and why the Mac Operating system  
that powers the iPhone is easy to attack.

Though speaking at Black Hat Miller noted that he told Apple about  
the exploit early on.

"I gave them the exploit before anyone else, I gave them the content  
of the talk and I gave them a patch too," Miller told the audience.  
"I told them to have the patch out by august 2nd when I was giving  
the talk, they needed to do it and they decided to do it."

Miller had originally been scheduled to talk about security in  
Apple's "Leopard" OS for the Mac, but ended up shifting to the iPhone  
for a number of reasons. For one thing, the fact that Leopard's  
release has been delayed by Apple. Fundamentally though, Miller  
argued that the iPhone is just using a stripped down version of the  
Mac OS so his general line of reasoning still made sense.

"There is a prevailing belief is that Apple is more secure than  
Windows," Miller said.

But in his view, that belief is misplaced. He said the same reasons  
why Macs are cool are the same reasons why they are so easy to hack.

"Macs are easy to hack because they are easy to use," Miller said.  
"To enable them to be friendly they have a lot of setuid root programs."

Additionally Macs have very good crash reporting which makes  
attacking them even easier than Windows.

"When fuzzing you usually have to monitor a target to know when it  
has crashed," Miller explained. "On a Mac it . provides a crash  
report which helps you to fuzz."

Miller argued that exploitation is easy on a Mac since the system is  
very predictable. Apple doesn't randomize anything, stack, heap, or  
location of dynamic libraries, which makes it easy to identify attack  
vectors.

Even worse is the fact that Apple uses open source software that is  
often several versions behind what the most current releases are. To  
prove his point, Miller noted that until Apple's Mac OS recent  
update, the version of Samba, which is a Windows file sharing tool,  
was several versions out of date and had a remote exploit in it that  
had been open since February of 2005.

Miller alleged that the way to find a Zero-day (define) bug on a Mac  
is a simple exercise of finding open source packages that are out of  
date.

Miller alleged that some of those old open source applications may be  
on the iPhone though that's not how they found the big iPhone bug  
that Apple has now fixed.

[snip]



-------------------------------------------
Archives: http://v2.listbox.com/member/archive/247/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com
Previous By Date Next
Previous By Thread Next

Current thread: