Sign in with
Sign up | Sign in

Behind Pwn2Own: Exclusive Interview With Charlie Miller

Behind Pwn2Own: Exclusive Interview With Charlie Miller
By

You’ve probably seen the headlines: “Pwn2Own 2008: MacBook Air hacked in 2 minutes” or “Pwn2Own 2009: Safari/MacBook falls in seconds.” But there’s a story behind every headline and who better to get it from than Charlie Miller, the man behind the buzz.

You’ve probably seen the headlines: “Pwn2Own 2008: MacBook Air hacked in 2 minutes” or “Pwn2Own 2009: Safari/MacBook falls in seconds.” But there’s a story behind every headline and who better to get the story from than Charlie Miller, the man behind the headlines? We had the opportunity to chat with Charlie after his back-to-back successes in demonstrating zero-day exploits affecting the Mac.

Alan: Thanks for agreeing to chat with us today. Let's start with the basics. Our readers will know that you were the first to "take down" a fully patched MacBook Air at last year's CanSecWest. And this year, you had an encore performance when you took down a fully patched MacBook. Before we begin, why don't you tell a little bit about yourself? How did you get started in the security business?

Charlie: I'm 35 years old and live in St. Louis. I've liked tinkering around with computers since I was a kid, but got a degree in Mathematics. After that, it was five years of on-the-job training at the NSA. I'm actually probably best known for being the first to hack the iPhone. I'm currently Principal Analyst at Independent Security Evaluators, a small consulting firm in Baltimore, MD. 

Alan: You know I have to ask you. What was it like working at the NSA? Did you even know that you had an interest in Math when you entered college, or was your stint at the NSA the result of walking by the NSA booth at the college job fair?

Charlie: I liked Math. I switched majors a handful of times but always continued taking classes because I knew if I stopped I’d never be able to start again. As for the NSA, there’s not much I’m allowed to say, but I enjoyed my time there.

Alan: How much of your work today is focused on securing Macs vs. PC vs. Linux? Who is your typical customer?

Charlie: At work, I mostly look at application-level security. Most of this is really independent of operating system. For example, source code reviews or reverse engineering binaries doesn't depend much on the operating system. I've spent a lot of my research time on Macs because I like them and they also happen to be pretty easy to break!

Most of ISE's customers are small to medium size companies that care a lot about security and want to make sure their applications are secure.  The companies that only want a check box usually go somewhere else because we are pretty good at what we do and consequently charge more than many other consulting firms.

Display 32 Comments.
This thread is closed for comments
  • 2 Hide
    crisisavatar , March 25, 2009 7:28 AM
    he was born to kill
  • 6 Hide
    Niva , March 25, 2009 8:00 AM
    Blah, sad he didn't give an estimate to linux security. He said it has some method of protection but didn't expand on that much...

    As osx market share grows we'll see more exploits.
  • 0 Hide
    Silluete , March 25, 2009 8:12 AM
    Interesting thing about sandboxing, it's mean chrome more safe than other browser? or i missing something here?
  • 0 Hide
    lire210 , March 25, 2009 9:29 AM
    whats up mac
  • 1 Hide
    pcfxer , March 25, 2009 12:45 PM
    Chrome uses processes instead of threads. The difference is that the memory space for each process is different--better sandboxing.

    Processes have increased headroom: they are making a copy of local variables and structures at the time of "forking".

    Threads "fork off" as functional code and work with their own memory space... in a nutshell.

    Sandboxing doesn't mean that Chrome is safer, it does mean that if sandboxing is implemented correctly Chrome CAN be safer. Security is so relative ;) .
  • 4 Hide
    AlanDang , March 25, 2009 12:57 PM
    Exactly, Chrome is currently safer than any other web browser on Windows Vista or Windows 7. We have an upcoming interview that talks a little bit more about this, but we haven't made plans on a dedicated article. Is that something people are interested in?
  • 0 Hide
    echdskech , March 25, 2009 1:44 PM
    AlanDangExactly, Chrome is currently safer than any other web browser on Windows Vista or Windows 7. We have an upcoming interview that talks a little bit more about this, but we haven't made plans on a dedicated article. Is that something people are interested in?count me in A


    Count me in. Come to think of it, I spend more time on my browser than any other piece of software (except the OS ofcourse) at any given day. primarily because I use it both at work for research and for play (ie reading articles here). Also, trend these days seem indicate it becoming more and more a target rather than the OS.

    Would be extra nice if the level of detail would be like the articles you guys write when a new cpu architecture is discussed. =)
  • 0 Hide
    anthony lackey , March 25, 2009 2:50 PM
    There is less ppl attacking Mac's because they aren't the mainstream. Hackers would rather try to infect as many ppl as possible thats why they target PC users.
  • 0 Hide
    Anonymous , March 25, 2009 4:16 PM
    If Apple does not allow cloning mac os may be safe for a long while, nobody likes to be tied to a single hardware vender. I really don't see how Apple could pull more that 15% to 18% market share without clones. JMO.
  • 1 Hide
    dedhorse , March 25, 2009 4:25 PM
    Good interview. Makes up for that Mac review.
  • 0 Hide
    zodiacfml , March 25, 2009 5:16 PM
    count me in. :)  i've been using chrome since it came out.
    though, in my usage, they haven't fixed the issue with auto-hide taskbar in vista.
  • 0 Hide
    eddieroolz , March 25, 2009 5:27 PM
    Great read, nice article Alan!
  • 0 Hide
    4c1dr41n1 , March 25, 2009 7:18 PM
    What if I use a virtual machine? I could

    1) copy it, open it, surf the web, close it, delete the copy.
    2) copy it again, open it, use internet bank, close it, delete copy again.

    Nice enough sandboxing?
  • 1 Hide
    Herbert_HA , March 25, 2009 7:31 PM
    It's a very nice article, indeed.

    But please, stop using so many pages! It's a pain in the ass to keep clicking every 2 questions...and that was an small article, other have more than 10 pages, unnecessarily. I guess you people are trying to keep access numbers up, so you could sell more ads, but it's surely not user-friendly to have to load the same content over and over.
  • -4 Hide
    4c1dr41n4 , March 25, 2009 7:36 PM
    What if I use a virtual machine? I could

    1) copy it, open it, surf the web, close it, delete copy.
    2) copy again, open it, use internet banking, close it, delete copy again.

    Nice enough sandboxing?
  • 1 Hide
    nukemaster , March 25, 2009 9:12 PM
    4c1dr41n4What if I use a virtual machine? I could1) copy it, open it, surf the web, close it, delete copy. 2) copy again, open it, use internet banking, close it, delete copy again.Nice enough sandboxing?

    In that case, just mount a live linux CD image in the drive then use it. always clean, no need to del + copy.
  • -4 Hide
    Anonymous , March 25, 2009 10:05 PM
    Miller, page 4: "In neither case did I get root/admin access."

    In other words, he actually didn't hack the Mac.

    What in the world is this fraud? How can you say you 'pwned' a computer without root access?
  • 0 Hide
    TheFuzzball , March 26, 2009 12:50 AM
    God help us when Conficker becomes cross-platform :D 
  • 0 Hide
    Anonymous , March 26, 2009 1:43 AM
    I wish there was more Charlie's voice in this interview. Now Alan did the most of the talking and Charlie basically had to say yes or no. At least in the most important topics.

    Nice reading, but not perfect.
  • 1 Hide
    Anonymous , March 26, 2009 1:58 AM
    It's a little upsetting that he sidesteps the issue of linux on the grounds of granny's incompetence, does he expect granny to stay on top of vulnerabilities in all of her installed software on the windows or mac boxes, assuming she'd need more third party software sources on either of the other platforms than say ubuntu with it's repositories.
Display more comments