By Joaquim P. Menezes -
Remember Charlie Miller? He’s the security analyst from Independent Security Evaluators who shot into prominence last week for exposing a serious vulnerability in the Apple iPhone. Yesterday – at the Black Hat Conference in Las Vegas – Miller explained his iPhone exploit in some detail. While the exploit was the main focus of his presentation, Miller began with an interesting – some would say controversial – exposition of the changing Mac security environment. Remember, the tag line about Mac’s OS X offering the highest level of security “through the adoption of industry standards, open software development, and wise architectural decisions.” Sure you do.
It's right up on the Apple Web site along with the assertion that “Apple engineers designed Safari to be secure from day one.” We may want to exercise some healthy skepticism re. both assertions, Miller suggests. Reminds me of my favourite saying: “many a slip between the cup and the lip.” Miller identified some of these slips. The motivation for hacking Mac’s, he noted, is growing in proportion to the system’s marketshare.
While its current marketshare is 6.5 per cent of operating systems, it’s growing 35 per cent a year. So are the bugs.The Month of Apple Bugs (MOAB) site lists Apple bugs, month by month. For January 2007 – “at least two remote client side and five local vulnerabilities [were detected] in the default install.” And there are lots and lots of folk out there itching to exploit those vulnerabilities.
Miller alluded to the Hack a Mac contest by CanSecWest. The contest was actually dubbed ‘PWN to OWN’ (PWN is Web slang for "to whoop the butt of an opponent.”). At the conference held in Vancouver, in April, two Apple MacBook Pro computers were set up as hacker targets, with the person who successfully breaks into the machine getting to keep it. Miller cited a few reasons why he believes hacking MACs is easy.
These are listed in the comprehensive Power Point slide deck he used to illustrate his key points. Check it out. And do tell us what you think!