charliemiller

Latest

  • China ridesharing giant opens a self-driving car lab in the US

    by Jon Fingas
    03.08.2017

    Didi's ever-expanding ridesharing empire might be centered in China, but it's still willing to head overseas to advance its goals. The company is opening an AI lab in Mountain View, California for the sake of its self-driving car ambitions. This doesn't mean that Didi's about to launch in the US (outside of its Lyft partnership), of course -- rather, it's to attract talent in a hotbed of autonomous driving research. And in at least one case, it appears to have scored a coup.

  • Automotive takeover schemes to be detailed at Defcon hacker conference

    by Darren Murph
    07.28.2013

    It's not like Toyota hasn't already faced its fair share of Prius braking issues, but it appears that even more headaches are headed its way at Defcon this week. Famed white hats Charlie Miller and Chris Valasek are preparing to unleash a 100-page paper at the annual hacker conference in Las Vegas, and notably, hacks that overtake both Toyota and Ford automotive systems will be positioned front and center. The information was gathered as part of a multi-month project that was funded by the US government, so it's important to note that the specifics of the exploits will not be revealed to the masses; they'll be given to the automakers so that they can patch things up before any ill-willed individuals discover it on their own. Using laptops patched into vehicular systems, the two were able to force a Prius to "brake suddenly at 80 miles an hour, jerk its steering wheel, and accelerate the engine," while they were also able to "disable the brakes of a Ford Escape traveling at very slow speeds." Of course, given just how computerized vehicles have become, it's hardly shocking to hear that they're now easier than ever to hack into. And look, if you're really freaked out, you could just invest in Google Glass and walk everywhere.

  • The Engadget Interview: Dr. Charlie Miller

    by Chris Barylick
    11.18.2011

    Dr. Charlie Miller -- a man who has been covered extensively here at Engadget -- snagged a doctorate in Mathematics from the University of Notre Dame. He spent five years working on cryptography for the National Security Agency. And, after heading into the wilds of security analysis, he was the first to find a bug in the battery of the first MacBook Air, various bugs within Mac OS X and the Safari web browser and assorted bugs within iOS itself, all while racking up thousands of dollars in hacking contest prize money. Last week, this came to a head, as Miller created a controversial proof of concept application that both proved the existence of an iOS security hole and got him expelled from the App Store's developer network. Given that he's driven Apple Inc. somewhat nuts over the past few years, we sat down with the good doctor to see how he felt about Apple, iOS, security, technology, sandboxing, the pros and cons of modern security and the ups and downs of one of the weirdest career paths for any aspiring technologist today. Join us after the break for the full interview in both textual and audio form.

  • Charlie Miller's latest iOS hack gets into the App Store, gets him tossed out (video)

    by Richard Lawler
    11.07.2011

    This isn't the first brush Apple's iOS platform has had with apps that exploit security holes to run unsigned code, but according to the developer of InstaStock, this may be the first to get a security researcher booted from its developer program. Charlie Miller shared his discovery with Forbes earlier today, showing off an app which successfully made it through Apple's approval process despite packing the ability to download and run unsigned code. That could allow a malicious app to access user data or activate hardware features remotely. Apple pulled the app after the findings were published, and according to Miller, revoked his developer access shortly afterward for what seems to be a clear violation of the guidelines. He told CNET that he alerted Apple to the exploit three weeks ago, however it's unknown whether or not a fix for the problem is included in the new 5.0.1 version of iOS that's currently in testing. He'll be explaining his method in more detail next week at SysCan, but until the hole is confirmed closed we'd probably keep a tight leash on our app store browsing. [Thanks to everyone who sent this in]

  • Security researcher Charlie Miller finds serious bug in iOS

    by Mike Schramm
    11.07.2011

    Security expert and Mac hacker Charlie Miller has uncovered an issue in iOS that would allow an app, downloaded from the App Store, to install and run malicious code on a device from a remote computer. The flaw, which Miller reportedly did upload to the App Store and got past Apple's security checks, would create an app that appears to be innocuous (like Miller's example app, which just runs stock information), but could then download instructions from another computer and then run any commands, steal user files (like photos and contacts) without permission, or even make the iOS device vibrate or play sounds. Miller's app has already been removed from the App Store, and we're certain Apple will plug this hole in an upcoming update. Even Miller admits it is a very obscure bug, hidden away in iOS but there nonetheless, a byproduct of how Apple had to tweak the system to speed up JavaScript in Mobile Safari. He plans to detail the issue at the SysCan conference in Taiwan next week. Hopefully things will be fixed soon. If you're really worried, it's probably a good idea to hold off on updating or downloading any new apps, especially any that don't come from well-established developers. Still, as Apple is aware of this problem (since Miller's app has been pulled), it's unlikely that any more apps using this bug will make it onto the Store itself. The larger issues are the flaw in iOS, why Apple had to create this exception to begin with, and how they are going to fix it.

  • Charlie Miller discusses iOS security and MacBook battery hacking with Tom's Hardware

    by Kelly Hodgkins
    08.04.2011

    Charlie Miller is a household name for those interested in Mac and iOS security. He was the first to hack the iPhone back in 2007, is a Pwn2Own veteran, and recently uncovered a battery firmware hack he'll discuss at the upcoming Black Hat 2011 Conference. Miller recently sat down with Tom's Hardware and talked about security, cloud computing, hardware hacks and more. It's a six-page interview, so get a hot cup of coffee, lean back in that lounger and prepare for a nice long read.

  • Charlie Miller finds MacBook battery security hole, plans to fill with Caulkgun

    by Joe Pollicino
    07.22.2011

    Those batteries have probably met a worse fate than the white MacBook line they came from. According to Forbes, Charlie Miller's managed to render seven of them useless after gaining total access to their micro-controllers' firmware via a security hole. Evidently, the Li-ion packs for the line of lappies -- including Airs and Pros -- are accessible with two passwords he dug up from an '09 software update. Chuck mentions that someone could "use them to do something really bad," including faulting charge-levels and thermal read-outs to possibly even making them explode. He also thinks hard-to-spot malware could be installed directly within the battery, repeatedly infecting a computer unless removed. Come August, he'll reportedly be detailing the vulnerability at the Black Hat security conference along with a fix he's dubbed Caulkgun, which only has the mild side-effect of locking-out updates by Apple. Worth being safe these days, though. Right? Full story in the links below.

  • Several Apple notebook models susceptible to battery hack

    by Kelly Hodgkins
    07.22.2011

    Security researcher Charlie Miller discovered a potential vulnerability affecting the batteries within select MacBook, MacBook Pro and MacBook Air models. The firmware on the chipset that controls the battery is secured with a single, easy to break default password. Once a hacker has this password, he could use it to manipulate the settings of the battery and possibly install malware that infects the computer every time it boots. Miller discovered this vulnerability when Apple issued an update that included code for the battery. He figured out the two default passwords and was able to reverse engineer the firmware. He then rewrote it to do whatever he wanted. He plans to show off this hack at the upcoming Black Hat Conference in August. This is more of an informative hack and not one likely to land on your computer. Thus far, Miller is the only one to discover this vulnerability and he is not releasing any details until next month. He also contacted Texas Instruments and Apple so a patch could be issued before the details of the hack go public.

  • New trojan MusMinim-A written for Mac OS X

    by Dana Franklin
    02.28.2011

    On Saturday, information security firm Sophos reported a new "backdoor Trojan" designed to allow remote operations and password "phishing" on systems running Mac OS X. The author of the Trojan refers to his or her work as "BlackHole RAT" and claims the malware is still in beta. Indeed, Sophos, who re-named the threat "OSX/MusMinim-A," says the current code is a very basic variation of darkComet, a well-known Remote Access Trojan (RAT) for Microsoft Windows. The source code for darkComet is freely available online. The biggest threat from MusMinim appears to be its ability to display fake prompts to enter the system's administrative password. This allows the malware to collect sensitive user and password data for later use. The Trojan also allows hackers to run shell commands, send URLs to the client to open a website, and force the Mac to shut down, restart or go to sleep arbitrarily. Other "symptoms" include mysterious text files on the user's desktop and full screen alerts that force the user to reboot. Additionally, the malware threatens to grow stronger. "Im a very new Virus, under Development, so there will be much more functions when im finished," the author of the Trojan claims via its user interface. Sophos believes the new malware indicates more hackers are taking notice of the increasingly popular Mac platform. "[MusMinim] could be indicative of more underground programmers taking note of Apple's increasing market share," says Sophos on its blog. Another line from the malware's user interface supports the idea that hackers' interest in Mac OS X is growing. "I know, most people think Macs can't be infected, but look, you ARE Infected!" In an apparent response to the increase in malware threats on the Mac, Apple is reportedly working with prominent information security analysts like Charlie Miller and Dino Dai Zovi to strengthen the overall security of Mac OS X Lion, the company's forthcoming major update to its desktop operating system. 
    It's the first time Apple has openly invited researchers to scrutinize its software while still under development. Mac OS X Lion is scheduled to be released this summer. In the meantime, Sophos tells Mac users to be cautious when installing software from less trustworthy sources. "Trojans like this are frequently distributed through pirated software downloads, torrent sites, or anywhere you may download an application expecting to need to install it," they say. Also, "patching is an important part of protection on all platforms" to prevent hackers from exploiting security vulnerabilities in web browsers, plug-ins and other applications. [via AppleInsider]

  • Charlie Miller and Kim Jong-Il could pwn the Internet with two years, $100 million

    by Joseph L. Flatley
    08.02.2010

    Well there's one thing we can say about Charlie Miller -- he sure is an ambitious rascal. When not busy exposing security holes in OS X, our fave security expert (aside from Angelina Jolie in Hackers, of course) has laid out a shocking expose based on the following premise: if Kim Jong-Il had a budget of $100 million and a timeline of two years, could North Korea's de facto leader (and sunglasses model) take down the United States in a cyberwar? It seems that the answer is yes. Using a thousand or so hackers, "ranging from elite computer commandos to basic college trained geeks," according to AFP, the country could target specific elements of a country's infrastructure (including smart grids, banks, and communications) and create "beachheads" by compromising systems up to two years before they pulled the trigger. Speaking at DEFCON this weekend, Miller mentioned that such an attack could be carried out by anyone, although North Korea has a few advantages, including the fact that its infrastructure is so low tech that even destroying the entire Internet would leave it pretty much unscathed. That said, we're not worried in the least bit: if the diminutive despot brings down the entire Internet, how is he ever going to see Twilight: Eclipse?

  • Charlie Miller to reveal 20 zero day security holes in Mac OS X

    by Darren Murph
    03.19.2010

    Say, Charles -- it's been awhile! But we're pleased as punch to see that you're back to your old ways, poking around within OS X's mainframe just looking for ways to remotely control the system, snag credit card data and download a few interoffice love letters that are carefully stashed 15 folders down within 'Documents.' The famed Apple security expert is planning yet another slam on OS X at CanSecWest, where he'll reveal no fewer than 20 zero day security holes within OS X. According to Miller, "OS X has a large attack surface consisting of open source components, closed source third-party components and closed source Apple components; bugs in any of these types of components can lead to remote compromise." He also goes on to reemphasize something he's been screaming for years: "Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town." In other words, Apple users are "safer" (due to the lack of work that goes into hacking them), "but less secure." So, is this a weird way of applying for a security job in Cupertino, or what?

  • O2 claims iPhone security patch will hit iTunes on Saturday, Apple stays silent

    by Paul Miller
    07.31.2009

    According to UK carrier O2, the SMS-based iPhone security hole that Charlie Miller unveiled at Black Hat this week should be patched by this weekend. An O2 spokesperson claimed the update would be pushed through iTunes this Saturday, says BBC. Apple hasn't made a comment yet, and it's not perfectly clear that this will be an update for iPhones worldwide, but hopefully that's the case -- the security flaw certainly isn't geographically limited. [Thanks to everyone who sent this in]

  • SMS vulnerability on iPhone to be revealed today, still isn't patched

    by Chris Ziegler
    07.30.2009

    Remember that alleged SMS-based security hole on the iPhone allowing evil-doers to execute arbitrary code and do all sorts of nasty crap like create an army of mobile zombies ready and willing to execute a DoS attack? The guy who found it, security expert Charlie Miller, said that he'd reveal the details of it at Black Hat -- and Black Hat's this week. Sure enough, Miller and his cohorts plan to unleash details of the hack today, and while they claim they informed Apple of the problem over a month ago, Cupertino's yet to make a move. We'd stop short of suggesting iPhone owners all turn off their handsets and take themselves firmly off the grid and into a completely disconnected underground bunker the moment the attack becomes public, but if it's as serious as Miller claims, it definitely bumps up the pressure on Apple to get a fix out on the double -- preferably before 3.1 drops.

  • PWN 2 OWN over: MacBook Air gets seized in 2 minutes flat

    by Darren Murph
    03.27.2008

    And just think -- last year you were singing Dino Dai Zovi's praises for taking control of a MacBook Pro in nine whole hours. This year, the PWN 2 OWN hacking competition at CanSecWest was over nearly as quickly as the second day started, as famed iPhone hacker Charlie Miller showed the MacBook Air on display who its father really was. Apparently Mr. Miller visited a website which contained his exploit code (presumably via a crossover cable connected to a nearby MacBook), which then "allowed him to seize control of the computer, as about 20 onlookers [read: unashamed nerds] cheered him on." Of note, contestants could only use software that came pre-loaded on the OS, so obviously it was Safari that fell victim here. Nevertheless, he was forced to sign a nondisclosure agreement that'll keep him quiet until "TippingPoint can notify the vendor," but at least he'll have $10,000 and a new laptop to cuddle with during his silent spell.