You’ve probably seen the headlines: “Pwn2Own 2008: MacBook Air hacked in 2 minutes” or “Pwn2Own 2009: Safari/MacBook falls in seconds.” But there’s a story behind every headline and who better to get the story from than Charlie Miller, the man behind the headlines? We had the opportunity to chat with Charlie after his back-to-back successes in demonstrating zero-day exploits affecting the Mac.
Alan: Thanks for agreeing to chat with us today. Let's start with the basics. Our readers will know that you were the first to "take down" a fully patched MacBook Air at last year's CanSecWest. And this year, you had an encore performance when you took down a fully patched MacBook. Before we begin, why don't you tell a little bit about yourself? How did you get started in the security business?
Charlie: I'm 35 years old and live in St. Louis. I've liked tinkering around with computers since I was a kid, but got a degree in Mathematics. After that, it was five years of on-the-job training at the NSA. I'm actually probably best known for being the first to hack the iPhone. I'm currently Principal Analyst at Independent Security Evaluators, a small consulting firm in Baltimore, MD.
Alan: You know I have to ask you. What was it like working at the NSA? Did you even know that you had an interest in Math when you entered college, or was your stint at the NSA the result of walking by the NSA booth at the college job fair?
Charlie: I liked Math. I switched majors a handful of times but always continued taking classes because I knew if I stopped I’d never be able to start again. As for the NSA, there’s not much I’m allowed to say, but I enjoyed my time there.
Alan: How much of your work today is focused on securing Macs vs. PC vs. Linux? Who is your typical customer?
Charlie: At work, I mostly look at application-level security. Most of this is really independent of operating system. For example, source code reviews or reverse engineering binaries doesn't depend much on the operating system. I've spent a lot of my research time on Macs because I like them and they also happen to be pretty easy to break!
Most of ISE's customers are small to medium size companies that care a lot about security and want to make sure their applications are secure. The companies that only want a check box usually go somewhere else because we are pretty good at what we do and consequently charge more than many other consulting firms.