Hacking the iPhone: Andy Greenberg Interviews Charlie Miller

It's the same message that's been repeated at this site for years.

'There are two issues with the iPhone', ISE security researcher Charlie Miller told Andy Greenberg in Las Vegas.

'First, the specific weakness that we found in its web browser. But there's a more fundamental problem.'

Get It Try It

Indeed. It's the security model Apple chose for their device - or the lack of one. Considering they were bailed out by Unix and they keep distributing Unix one would think they not only learned Unix but learned from Unix.

Unfortunately there's no evidence to support that theory.

'The iPhone runs everything as root. In other words, there are no privileges for different users', explains Charlie Miller. 'They should have built layers of security. Instead, if you can find a single crack, any user has the entire phone at their disposal. Last week they basically patched a hole in the wall. But inside, it's still pudding.'

Pudding just like Microsoft Windows. But Windows never had and never will have security; OS X, based on FreeBSD Unix, has - or used to before it was ported to the iPhone.

'Features that make life easy for the user also make it easy for hackers', says Charlie who goes on to explain Apple are way behind the rest of the industry in the 'basic precautions' department.

'They also don't do some other basic things that are more technical, like randomising memory', says Charlie Miller. 'When you load a PC program, everything is in a different spot every time. But when you launch a Mac program, everything is in the same spot every time. That makes exploits much easier.'

Program load addresses are of course only one part of the issue: heap addresses and stack addresses and perhaps above all the ability to write to executable memory are gaping holes waiting to be screwed by hackerdom.

Charlie Miller also explains why OS X is still relatively safe.

'Bad guys aren't yet targeting Macs because they want to maximise their time. That means writing viruses that target 95% of computers rather than 5%. Apple currently have around 3.5% of the market but their market share is growing by around 35% a year. As Mac's numbers creep up to 30% or 40% cyber criminals will start asking whether it's better to spend two weeks writing a bug for Windows or just a couple days to write one for Macs.'

'Apple may soon be a victim of its own success. And every time someone like me finds a bug, it just gets more people looking', concludes Charlie Miller.