Friday, March 28, 2008

Charlie Miller the Apple hacker

Charlie Miller has done it again. He had for his security firm Independent Security Evaluators hacked iphone last year. He pointed out that an attacker-controlled WiFi access point could be all that's needed to get through the security hole. Other possibilities include an attacker embedding the malicious code into something like a forum thread so that the user could be exploited even when going to a trusted site, or by merely directing users to a malicious web site by sending them a link in e-mail or SMS. The results are that the code embedded in the page then runs with administrative privileges

Now he has this year hacked the Macbook air in just two minutes in this year's CanSecWest conference. In two minutes he directed the contest's organizers to visit a Web site that contained his exploit code, which then allowed him to seize control of the computer. Because of this exploit he has won $10000 in cash.

And yes, Apple has been notified about the hole.