Charlie Miller Stories September 14, 2012

Twitter picks up iPhone hacker Charlie Miller for its security team


Forbes reported on Twitter’s latest hire: Charlie Miller. He is a well-known iOS and Mac hacker who discovered various exploits for the platforms in recent years. Miller will join Twitter’s security team with the title “Software Engineer, Systems.”

Miller has a long list of epic hacks in his recent past: In 2007, he was the first to fully compromise the iPhone through its web browser. Six months later he won the Pwn2Own hacking competition in Vancouver by compromising a MacBook Air in two minutes. In 2009, he revealed a technique that would have allowed an attacker to hijack iPhones via text message, virally spreading from phone to phone. He’s found a method of infecting MacBooks with malware via their power adapter, and had his Apple developer license revoked for successfully sneaking an iOS app past Apple’s safeguards. Most recently he’s shifted his focus to Android, defeating Google’s “Bouncer” program for detecting malware in the Android Market and using near-field communications chips to wirelessly compromise Samsung and Nokia phones just by waving another device near them.

Charlie Miller Stories November 7, 2011

Security expert Charlie Miller has found a flaw in code signing on iOS devices (via Forbes) that allows developers to sneak malware apps onto the App Store without Apple’s detection. The malware can then be used to read users’ contacts, make the phone vibrate or sound a ringtone, steal users’ photos, and more whenever the developer chooses. Sketchy!

To shed more light on the exploit, Miller is giving a talk at the SyScan conference in Taiwan next week, but he does a good job of showing it off in the video above. Miller isn’t a novice to iOS and Mac security by any means. In 2008, Miller broke into the MacBook Air in two minutes through Safari, among other hacks.

Users would definitely be taken by surprise, seeing as we’re all pretty comfortable with how secure Apple keeps the App Store through the company’s review process. Sadly, it looks like any app could be used to harm users. For now, we suggest you keep away from lesser-known apps and developers until Apple issues a fix for the exploit.

Miller’s app has been removed from the App Store, and his developer account has been closed. At any rate, this was definitely a nice find.
