Engadget

The Engadget Interview: Dr. Charlie Miller

Chris Barylick — Fri, 18 Nov 2011 13:30:00 EST

Dr. Charlie Miller -- a man who has been covered extensively here at Engadget -- snagged a doctorate in Mathematics from the University of Notre Dame. He spent five years working on cryptography for the National Security Agency. And, after heading into the wilds of security analysis, he was the first to find a bug in the battery of the first MacBook Air, various bugs within Mac OS X and the Safari web browser and assorted bugs within iOS itself, all while racking up thousands of dollars in hacking contest prize money.

PWN 2 OWN over: MacBook Air gets seized in 2 minutes flat

The Pwn2Own trifecta: Safari, IE 8, and Firefox exploited on day 1

Linux becomes only OS to escape PWN 2 OWN unscathed

Last week, this came to a head, as Miller created a controversial proof of concept application that both proved the existence of an iOS security hole as well as got him expelled from the App Store's developer network. Given that he's driven Apple Inc. somewhat nuts over the past few years, we sat down with the good doctor to see how he felt about Apple, iOS, security, technology, sandboxing, the pros and cons of modern security and the ups and downs of one of the weirdest career paths for any aspiring technologist today. Join us after the break for the full interview in both textual and audio form.

Continue reading The Engadget Interview: Dr. Charlie Miller

The Engadget Interview: Dr. Charlie Miller originally appeared on Engadget on Fri, 18 Nov 2011 13:30:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Charlie Miller's latest iOS hack gets into the App Store, gets him tossed out (video)

Richard Lawler — Mon, 07 Nov 2011 22:57:00 EST

This isn't the first brush Apple's iOS platform has had with apps that exploit security holes to run unsigned code, but according to the developer of InstaStock, this may be the first to get a security researcher booted from its developer program. Charlie Miller shared his discovery with Forbes earlier today, showing off an app which successfully made it through Apple's approval process despite packing the ability to download and run unsigned code. That could allow a malicious app to access user data or activate hardware features remotely. Apple pulled the app after the findings were published, and according to Miller, revoked his developer access shortly afterward for what seems to be a clear violation of the guidelines. He told CNET that he alerted Apple to the exploit three weeks ago, however it's unknown whether or not a fix for the problem is included in the new 5.0.1 version of iOS that's currently in testing. He'll be explaining his method in more detail next week at SysCan, but until the hole is confirmed closed we'd probably keep a tight leash on our app store browsing.

[Thanks to everyone who sent this in]

Continue reading Charlie Miller's latest iOS hack gets into the App Store, gets him tossed out (video)

Charlie Miller's latest iOS hack gets into the App Store, gets him tossed out (video) originally appeared on Engadget on Mon, 07 Nov 2011 22:57:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Charlie Miller finds MacBook battery security hole, plans to fill with Caulkgun

Joe Pollicino — Fri, 22 Jul 2011 23:59:00 EST

Those batteries have probably met a worse fate than the white MacBook line they came from. According to Forbes, Charlie Miller's managed to render seven of them useless after gaining total access to their micro-controllers' firmware via a security hole. Evidently, the Li-ion packs for the line of lappies -- including Airs and Pros -- are accessible with two passwords he dug up from an '09 software update. Chuck mentions that someone could "use them to do something really bad," including faulting charge-levels and thermal read-outs to possibly even making them explode. He also thinks hard-to-spot malware could be installed directly within the battery, repeatedly infecting a computer unless removed. Come August, he'll reportedly be detailing the vulnerability at the Black Hat security conference along with a fix he's dubbed Caulkgun, which only has the mild side-effect of locking-out updates by Apple. Worth being safe these days, though. Right? Full story in the links below.

Charlie Miller finds MacBook battery security hole, plans to fill with Caulkgun originally appeared on Engadget on Fri, 22 Jul 2011 23:59:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Charlie Miller and Kim Jong-Il could pwn the Internet with two years, $100 million

Joseph L. Flatley — Mon, 02 Aug 2010 11:53:00 EST

Well there's one thing we can say about Charlie Miller -- he sure is an ambitious rascal. When not busy exposing security holes in OS X, our fave security expert (aside from Angelina Jolie in Hackers, of course) has laid out a shocking expose based on the following premise: if Kim Jong-Il had a budget of $100 million and a timeline of two years could North Korea's de facto leader (and sunglasses model) take down the United States in a cyberwar? It seems that the answer is yes. Using a thousand or so hackers, "ranging from elite computer commandos to basic college trained geeks," according to AFP, the country could target specific elements of a country's infrastructure (including smart grids, banks, and communications) and create "beacheads" by compromising systems up to two years before they pulled the trigger. Speaking at DEFCON this weekend, Miller mentioned that such an attack could be carried out by anyone, although North Korea has a few advantages, including the fact that its infrastructure is so low tech that even destroying the entire Internet would leave it pretty much unscathed. That said, we're not worried in the least bit: if the diminutive despot brings down the entire Internet, how is he ever going to see Twilight: Eclipse?

Charlie Miller and Kim Jong-Il could pwn the Internet with two years, $100 million originally appeared on Engadget on Mon, 02 Aug 2010 11:53:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Charlie Miller to reveal 20 zero day security holes in Mac OS X

Darren Murph — Fri, 19 Mar 2010 09:29:00 EST

Say, Charles -- it's been awhile! But we're pleased as punch to see that you're back to your old ways, poking around within OS X's mainframe just looking for ways to remotely control the system, snag credit card data and download a few interoffice love letters that are carefully stashed 15 folders down within 'Documents.' The famed Apple security expert is planning yet another slam on OS X at CanSecWest, where he'll reveal no fewer than 20 zero day security holes within OS X. According to Miller, "OS X has a large attack surface consisting of open source components, closed source third-party components and closed source Apple components; bugs in any of these types of components can lead to remote compromise." He also goes on to reemphasize something he's been screaming for years: "Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town." In other words, Apple users are "safer" (due to the lack of work that goes into hacking them), "but less secure." So, is this a weird way of applying for a security job in Cupertino, or what?

Charlie Miller to reveal 20 zero day security holes in Mac OS X originally appeared on Engadget on Fri, 19 Mar 2010 09:29:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

O2 claims iPhone security patch will hit iTunes on Saturday, Apple stays silent

Paul Miller — Fri, 31 Jul 2009 11:05:00 EST

According to UK carrier O2, the SMS-based iPhone security hole that Charlie Miller unveiled on Black Hat this week should be patched by this weekend. An O2 spokesperson claimed the update would be pushed through iTunes this Saturday, says BBC. Apple hasn't made a comment yet, and it's not perfectly clear that this will be an update for iPhones worldwide, but hopefully that's the case -- the security flaw certainly isn't geographically limited.

[Thanks to everyone who sent this in]

Filed under: Cellphones, Handhelds

O2 claims iPhone security patch will hit iTunes on Saturday, Apple stays silent originally appeared on Engadget on Fri, 31 Jul 2009 11:05:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

SMS vulnerability on iPhone to be revealed today, still isn't patched

Chris Ziegler — Thu, 30 Jul 2009 03:29:00 EST

Remember that alleged SMS-based security hole on the iPhone allowing evil-doers to execute arbitrary code and do all sorts of nasty crap like create an army of mobile zombies ready and willing to execute a DoS attack? The guy who found it, security expert Charlie Miller, said that he'd reveal the details of it at Black Hat -- and Black Hat's this week. Sure enough, Miller and his cohorts plan to unleash details of the hack today, and while they claim they informed Apple of the problem over a month ago, Cupertino's yet to make a move. We'd stop short of suggesting iPhone owners all turn off their handsets and take themselves firmly off the grid and into a completely disconnected underground bunker the moment the attack becomes public, but if it's as serious as Miller claims, it definitely bumps up the pressure on Apple to get a fix out on the double -- preferably before 3.1 drops.

Filed under: Cellphones, Handhelds

SMS vulnerability on iPhone to be revealed today, still isn't patched originally appeared on Engadget on Thu, 30 Jul 2009 03:29:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

SMS vulnerability on iPhone to be revealed today, still isn't patched

Chris Ziegler — Thu, 30 Jul 2009 03:29:00 EST

Filed under: Software, Apple, iPhone OS

SMS vulnerability on iPhone to be revealed today, still isn't patched originally appeared on Engadget on Thu, 30 Jul 2009 03:29:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

PWN 2 OWN over: MacBook Air gets seized in 2 minutes flat

Darren Murph — Thu, 27 Mar 2008 17:57:00 EST

And just think -- last year you were singing Dino Dai Zovi's praises for taking control of a MacBook Pro in nine whole hours. This year, the PWN 2 OWN hacking competition at CanSecWest was over nearly as quickly as the second day started, as famed iPhone hacker Charlie Miller showed the MacBook Air on display who its father really was. Apparently Mr. Miller visited a website which contained his exploit code (presumably via a crossover cable connected to a nearby MacBook), which then "allowed him to seize control of the computer, as about 20 onlookers [read: unashamed nerds] cheered him on." Of note, contestants could only use software that came pre-loaded on the OS, so obviously it was Safari that fell victim here. Nevertheless, he was forced to sign a nondisclosure agreement that'll keep him quiet until "TippingPoint can notify the vendor," but at least he'll have $10,000 and a new laptop to cuddle with during his silent spell.

Filed under: Laptops

PWN 2 OWN over: MacBook Air gets seized in 2 minutes flat originally appeared on Engadget on Thu, 27 Mar 2008 17:57:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments