How The iPhone Was Cracked

LAS VEGAS — The big iPhone hack has
now been publicly presented. Too bad for the bad guys
that Apple already patched by the bug, or have they?

Charlie Miller, a researcher with Independent Security
Evaluators, took the stage at Black Hat Thursday and explained explained in line-by-line detail how he exploited the
iPhone and why the Mac Operating system that powers the
iPhone is easy to attack.

Though speaking at Black Hat Miller noted that he told
Apple about the exploit early on.

“I gave them the exploit before anyone else, I gave them
the content of the talk and I gave them a patch too,”
Miller told the audience. “I told them to have the patch
out by august 2nd when I was giving the talk, they needed
to do it and they decided to do it.”

Miller had originally been scheduled to talk about security in Apple’s “Leopard” OS for the Mac, but ended up shifting to the iPhone for a number of reasons. For one thing, the fact that Leopard’s release has been delayed by Apple. Fundamentally though, Miller argued that the iPhone is just using a stripped down
version of the Mac OS so his general line of reasoning
still made sense.

“There is a prevailing belief is that Apple is more secure
than Windows,” Miller said.

But in his view, that belief is misplaced. He said the same reasons why
Macs are cool are the same reasons why they are so easy to
hack.

“Macs are easy to hack because they are easy to use,”
Miller said. “To enable them to be friendly they have a
lot of setuid root programs.”

Additionally Macs have very good crash reporting which
makes attacking them even easier than Windows.

“When fuzzing you usually have to monitor a target to know
when it has crashed,” Miller explained. “On a Mac it … provides a crash report which helps
you to fuzz.”

Miller argued that exploitation is easy on a Mac since the
system is very predictable. Apple doesn’t randomize
anything, stack, heap, or location of dynamic libraries, which
makes it easy to identify attack vectors.

Even worse is the fact that Apple uses open source
software that is often several versions behind what the
most current releases are. To prove his point, Miller
noted that until Apple’s Mac OS recent update, the version
of Samba, which is a Windows file sharing tool, was
several versions out of date and had a remote exploit in
it that had been open since February of 2005.

Miller alleged that the way to find a Zero-day (define) bug on a Mac is
a simple exercise of finding open source packages that
are out of date.

Miller alleged that some of those old open source
applications may be on the iPhone though that’s not how
they found the big iPhone bug that Apple has now fixed.

The iPhone exploit is a heap overflow exploit and Miller
explained that he found it the old fashioned way, fuzzing.
Fuzzing is a popular technique that does automatic code
injection in an effort to brute force compromise an
application.

“We fuzzed the iPhone with various javascipt regular
expressions containing “[[**]]”, ” Miller explained. “We
then sorted through the crash reports and then eventually
found a good bug. It took a couple of days.”

Miller and his team also figured out how to use some
privacy data stealing shellcode that could read and write
to iPhone. He also wrote shellcode that could do other
interesting stuff such as trigger the iPhone to vibrate on
command.

Even though Miller thinks Macs are easy to hack, he’s not
anti-Apple.

“Macs have security problems but I still like them and I’m
still friends with my Mac.”

This article was first published on InternetNews.com.

RELATED NEWS AND ANALYSIS

• Huawei’s AI Update: Things Are Moving Faster Than We Think

  FEATURE |  By Rob Enderle,
  December 04, 2020

• Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 18, 2020

• Key Trends in Chatbots and RPA

  FEATURE |  By Guest Author,
  November 10, 2020

• Top 10 AIOps Companies

  FEATURE |  By Samuel Greengard,
  November 05, 2020

• What is Text Analysis?

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 02, 2020

• How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 29, 2020

• Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 23, 2020

• The Super Moderator, or How IBM Project Debater Could Save Social Media

  FEATURE |  By Rob Enderle,
  October 16, 2020

• Top 10 Chatbot Platforms

  FEATURE |  By Cynthia Harvey,
  October 07, 2020

• Finding a Career Path in AI

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  October 05, 2020

• CIOs Discuss the Promise of AI and Data Science

  FEATURE |  By Guest Author,
  September 25, 2020

• Microsoft Is Building An AI Product That Could Predict The Future

  FEATURE |  By Rob Enderle,
  September 25, 2020

• Top 10 Machine Learning Companies 2020

  FEATURE |  By Cynthia Harvey,
  September 22, 2020

• NVIDIA and ARM: Massively Changing The AI Landscape

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  September 18, 2020

• Continuous Intelligence: Expert Discussion [Video and Podcast]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 14, 2020

• Artificial Intelligence: Governance and Ethics [Video]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 13, 2020

• IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI

  FEATURE |  By Rob Enderle,
  September 11, 2020

• Artificial Intelligence: Perception vs. Reality

  FEATURE |  By James Maguire,
  September 09, 2020

• Anticipating The Coming Wave Of AI Enhanced PCs

  FEATURE |  By Rob Enderle,
  September 05, 2020

• The Critical Nature Of IBM’s NLP (Natural Language Processing) Effort

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  August 14, 2020