[ISN] Security Reseacher Hopes He Has iPhone Security Exploit At the Ready

From: InfoSec News (alerts@private)
Date: Wed Jun 13 2007 - 22:09:52 PDT


http://blog.wired.com/27bstroke6/2007/06/security_reseac.html

By Ryan Singel 
June 13, 2007

Like many geeks, security researcher David Maynor is eager to get his 
hands on an iPhone.  Unlike many geeks, Maynor also has harsh feelings 
about the Think Different company and what he says is an undisclosed 
vulnerability in Apple's Safari browser that he hopes will let him hack 
into the hugely anticipated device.

After Apple released the beta version of Maynor took a whack at Apple's 
Safari browser for Windows using fairly easily available bug-finding 
tools and says he found six bugs in a day. Maynor says one of them 
allows him to execute code remotely and he's "weaponized" it, according 
to his blog.

"One of the six is robust. I'm going to work on better remote execution 
and then wait for the iPhone," Maynor told THREAT LEVEL today as part of 
an interview for a Wired News story running Thursday. "Everyone I know 
is eager to hack the iPhone. Maybe that would actually break into it."

"I'm going to the first in line," he added later, saying that after 
Apple CEO Steve Jobs announced that developers can write apps for the 
iPhone through Safari, "it's going to be a free-for-all."

For for those who don't know, Maynor and Apple are not friends. Far from 
it.

He refuses to report bugs to Apple following an incident last summer 
when he divulged a wireless driver bug to Apple.  He later demoed an 
exploit on a non-Apple wireless adapter in a video to a conference. 
Apple then tried to make him say the code wouldn't work on a MacBook and 
denied he provided Apple with enough info for them to find the bug.  
Mac backers accused Maynard and security journalist Brian Krebs of 
overblowing the situation.  Apple later patched the bug with no mention 
of Maynard. While Maynard was not able to reveal emails he sent from his 
employer at the time, he was largely vindicated when he released some 
emails to and from Apple in a later presentation, though he did 
apologize for the manner in which he publicized the exploit.

It was an ugly fight, and now Maynor may be holding a zero-day exploit 
for the iPhone.  He's certainly not going to let it loose in the wilds, 
but if you were an Apple engineer, wouldn't you have nightmares about 
that very possibility?

I mean what malicious hacker wouldn't want to be the first to control an 
iPhone botnet?


_____________________________________________________
Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. http://www.blackhat.com



This archive was generated by hypermail 2.1.3 : Wed Jun 13 2007 - 22:25:06 PDT