Apple Hacker Charlie Miller To Demo Dangers of Near-Field Communications
An anonymous reader writes "Apple's hacker nemesis Charlie Miller, whom the company banned from its app store developer program, apparently hasn't been waiting around for his suspension to be lifted. His latest pet project is hacking near-field communications (NFC), and at Black Hat USA in Vegas this month, he will demonstrate the dangers of using your smartphone to pay your cab fare. (But when his Apple 'sentence' is up, look out)."
iOS is a walled garden. Apple is under no obligation to let anyone develop for it. If you're going to embarrass and criticize Apple, they are under no obligation to let you do it on their iPhones and iPads (or Macs either, for that matter).
What political party do you join when you don't like Bible-thumpers *or* hippies?
Whenever something is wireless there will always be a way to spoof or block it. All you have to do is provide it the right information and it will divulge all of its information.
To me this is just common sense. If you want something to be less prone to this type of hacking, don't use a wireless product in general...
tuck3r
As if he couldn't get someone else to proxy for him already. If Apple keeps him away and he finds something worthwhile, he'll find someone else who is willing to front for him and just submit another app to prove his point. Keeping people out is useless; they should be thankful for someone to highlight their security flaws, even if it's bad publicity for them at that moment. Not exposing it and letting someone commit a serious crime on a large scale will hurt Apple more than having someone expose it.
I was promised a flying car. Where is my flying car?
The guy is providing you with research and development, for free.
Hire him, you blind idiots.
You'd prefer this hack had been quietly discovered in the wild by somebody who isn't so upfront with the techniques? And then deal with the cost and PR fiasco of violated iPhone users?
Wake up, Apple HQ morons.
Your wallet product is being hardened against exploit, for FREE, and you punish the guy for it.
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Simpler yet, refrain from using an NFC-capable device to pay for your cab fare or anything else, for that matter. It surprises me how lazy we all have become because of technology. One deserves to get hacked if they are too lazy to protect themselves.
He's one of the guys that proved Apple isn't so unhackable and "immune to viruses" after all. He does have a point that NFC technology is too new to know whether it's safe, and honestly, I'm glad someone like him is on the case to determine just how exploitable it is. I've already had my bank account cleaned out once because of a hack into a store's debit card system.
Occasionally living proof of the Ballmer peak.
Essentially with NFC you have this card/phone in your pocket which all day long is saying to every other device it meets, "Hey, are you an EPoS terminal? I'd really like to pay for something, now!". It is not clear to me why the dangers of this need to be demonstrated, least of all to delegates at BlackHat.
Burns: We're building a casino!
McAllister: Arrr. Give me 5 minutes.
1) Apple phones don't have NFC chips in them, so Charlie Miller cannot be "exposing them"
2) Charlie Miller will be exposing security problems of NFC with Android phones.
3) Charlie Miller is also Google's nemesis and has exposed how silly Android security testing is:
http://www.darkreading.com/vulnerability-management/167901026/security/client-security/240003490/apple-ban-gives-miller-time-to-hack-other-things.html
4) timothy seems to have an axe to grind against Apple so he's submitting these idiotic articles lately. It's he, however, that looks stupid as a result.
Oh Apple is fully within its rights, aside from the breach of fiduciary responsibility. Smart companies pay people like this for their services. Smarter ones give them a free tshirt and work for free. Stupid ones attempt to censor and really stupid ones prosecute.
Is anybody surprised by this: "he will demonstrate the dangers of using your smartphone to pay your cab fare"? ... they seem like something built for convenience, but without any real security in them.
I have always been a little leery of these things. Between credit cards which don't require contact or a signature, and several other things
I'm betting this isn't even specific to Apple so much as the entire class of near-field tech.
Lost at C:>. Found at C.
The article seems to be light in the details of his exploit: particularly if it is specific to iOS or to the actual NFC spec. There are lots of other companies that have vested interest in NFC so it would be interesting to see his presentation when it comes around.
Does anybody have a good set of instructions on how to make a Faraday Cage wallet?? (note not how to buy said wallet or something on a split between 64 pages so we can get ad income for 64 page views thing like instructables)
Any person using FTFY or editing my postings agrees to a US$50.00 charge
How are they censoring him? He uploaded an exploit into the App Store. If he wanted to bring attention to it, all he had to do was contact Apple or put something on the net. Instead he violated the terms of use and his developer agreement and uploaded said exploit instead.
Since when does Apple have control over an individual's freedom of speech?
If people haven't figured out by now that NFC is a great tool for a ton of things but also anything but secure, I would say that they are completely oblivious. They're simply thinking that a communication tool (NFC) can also be relied on for security. I don't see anything wrong with him exposing exploits on the presumption that he already warned Apple about them (which he commonly does). I don't think that has anything to do with "embarrassment" so much as calling into question why anyone would think that mobile phone + anything = secure?
If "showing apple that there are security holes" = embarrass/criticize, then you are simply misled.
So there I am standing at the gas station yesterday, and I catch a quick glimpse of one of those ads on the TV screen offering to give you 5 cents off per gallon if you pay at the pump with NFC through your phone. I'm a bit amused by this as right next to it is a sign saying not to use your cell phone at the pump with a funny symbol of fire next to it. Curious as to the contrary suggestions, I look at the fine print of the NFC ad where it basically says "for your safety, you can only use this at a single pump", or basically trying to manage the risk by only using it briefly. This is somewhat funny as they can't seem to make up their mind as to whether it is safe or isn't.
Nowhere did the summary say Charlie Miller is hacking NFC in an Apple phone. In fact, nowhere in the summary does the string "expos" appear, so when you quote "exposing them", who are you quoting?
The summary said "Apple's hacker nemesis Charlie Miller". It's merely identifying Charlie Miller as a somewhat infamous Apple hacker. Any allusion to him hacking Apple devices in the summary is entirely the fault of people who are jumping to conclusions.
This would be like saying "Sony's hacker nemesis George Hotz is now showing how NFC can be dangerous".
:(){
I just want to know how are they going to fit all the attendees into the cab so they can see what is going on?
Paul: Father... father, the sleeper has awakened! - Dune
I ended up getting an HP laptop with all or better specs than a comparable Ibook and at less than half the cost.
Really? You found an HP that runs OS X? Also, where is this "Ibook" you are referring to? Apple does not sell any laptop branded Ibook or IAnything, for that matter. And I very much doubt you found anything that is truly similar for "less than half the cost" once you include ALL the hardware including the case and the rest of it. I've compared ultrabooks running Windows from various vendors to Apple's offerings myself. While Apple certainly wasn't the cheapest, they weren't a whole lot more expensive once you compared their stuff to the most similar stuff from HP and the rest.
The only difference is my laptop is not ultra-thin, which is unimportant to me.
So the hardware is not the same. If you don't like Apple's products that's fine. Nothing wrong with that. My own laptop is an Acer and it is excellent. But unless you compared extremely similar hardware you weren't doing a serious comparison.
As if he couldn't get someone else to proxy for him already. If Apple keeps him away and he finds something worthwhile, he'll find someone else who is willing to front for him and just submit another app to prove his point
That doesn't mean the proxy gets to keep the new app in the app store.
Talk of using a front is talk of forming a conspiracy against Apple. It becomes a whole new ball game where the stakes are much higher.
The very least that can be expected is that Apple will be screening its developers and its apps all that more closely. Where Apple leads, Amazon, Google, and Microsoft and all the rest are sure to follow.
The walled garden is walled higher.
Really? You found an HP that runs OS X?
Several, actually :3
An enigma, wrapped in a riddle, shrouded in bacon and cheese
Um, what?
Does nobody here speak English?
How is this +2 Informative?!
He/him is subject/object.
Who/whom is subject/object.
That/(who/whom) is impersonal/personal.
A substantial surcharge is added to the products that are officially "blessed", and that's that. This model has been tried before and it just costs more. I queried a Sun hardware vendor about why their products were 2x the cost of COTS versions... I heard they used better components like screws and springs. See where it got them? How much "room is under their tent"? Scott McNealy once crowed this. See where it got them, once there were alternatives?
If you think that summary *isn't* a blatant swing at Apple
So far as I know, none of my statements alluded to whether or not I thought this was a swing at Apple. That's just another example of a reader jumping to conclusions, which isn't surprising if you already jumped to conclusions once. I wouldn't have worded the summary the way it was worded...perhaps the first sentence would have been the same, to help the audience identify who Charlie Miller is (because I certainly didn't recognize his name, being someone who doesn't give two shits about Apple), but that last parenthetical sentence is certainly out of place and useless.
I will agree that the summary should have stated the device and platform that was having NFC hacked and the omission is conspicuous. That is in fact the fault of the submitter. The lack of this detail allowed people to jump to conclusions, but it didn't push anybody; people jumped to conclusions on their own, and that is the fault of those people, not the submitter. But no one wants to admit they jumped to conclusions, because that means they made a mistake, so instead they just blame the submitter to avoid feeling bad about their own actions.
After all, you said it yourself. The iPhone doesn't have NFC and this is fairly well known. So how on earth could someone be confused that he's hacking an Apple device with NFC, when there isn't one?
Also, speaking of misleading...
yet the other 66% of the summary heavily mentions Apple. Mmm. Seems legit.
First sentence: 26 words.
Second sentence: 32 words
Third sentence: 9 words
35 words contained in sentences referencing Apple. Those sentences also involved identifying who the hell Charlie Miller is, but I'll give you the benefit of the doubt and we'll just say all those words are directed at Apple.
32 words involve the actual story of the danger of NFC devices.
This means at most, 52% of the summary was devoted to Apple.
:(){
"he's still serving the remainder of his one-year ban from Apple's App store developer program in the wake of a research app he was able to slip past its vetting process last year, so he can't get a prerelease peek at iOS images to find new bugs in the upcoming iOS 6"
Really? You found an HP that runs OS X?
So are you saying that the premium we pay for Apple products is because of the OS?
Ceci n'est pas un sig.
Not only are there various laptops that will run OS X directly on the hardware, I've seen people run it in a VM under Windows. Granted it was just for shits and giggles and no serious work was done this way, but if there's a Mac app you just have to have, it might be an option instead of booting to OS X.
How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
He posted an app with an iOS exploit to the App Store and made it known publicly afterwards. He claims he informed Apple beforehand but went ahead and posted his app anyway. Whatever point he was trying to make, he lost it when he submitted the app to retail and then acted shocked when his developer access was pulled.
the little fuckbag?
It would be one time that Apple did the Right Thing.
Badly implemented NFC solutions have security holes? Say it ain't so!
Funny how Japan has been using NFC (in the form of contactless RFID smart cards) since 2001 and payment using NFC in mobile phones since 2004, with no significant security breaches. I can't even find any examples, so it may simply be zero security exploits.
Most of the NFC systems I've seen that don't use FeliCa have been absolutely atrocious in terms of security. It isn't super difficult to make a very secure system, but I get that it's easy and cheap to make a half-arsed, half-secure system.
Don't blame NFC, blame bad implementations.
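The point made above (and earlier in the thread, that a contactless device "will divulge all of its information" to whoever asks) comes down to whether the card's answer can be replayed. The following is an added illustration, not code from the article, from Charlie Miller's talk, or from any FeliCa/EMV implementation: a toy "card" and "terminal" exchange over an NFC-like channel, first with a static token that a rogue reader can capture and replay, then with a challenge-response in which the card keys a MAC over a fresh terminal nonce, the amount and the terminal identity. All keys, account numbers, terminal names and message layouts are constructed for the example.

```python
"""Static-token vs challenge-response for a contactless payment token.

Constructed example: nothing here is the FeliCa, EMV or any vendor protocol.
The key, account ID, terminal ID and message layout are assumptions.
"""
import hashlib
import hmac
import secrets

# Constructed demo values (not real keys or account numbers).
ISSUER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
ACCOUNT_ID = b"4111-demo-0001"
TERMINAL_ID = b"CAB-TERM-07"


class Card:
    def __init__(self, account_id: bytes, key: bytes) -> None:
        self.account_id = account_id
        self._key = key

    def respond_static(self) -> bytes:
        # Weak design: every tap returns the same bytes, so one capture
        # (a sniffer near the reader, or a rogue reader in a crowd) is
        # enough to impersonate the card from then on.
        return self.account_id

    def respond_challenge(self, nonce: bytes, amount_cents: int, terminal_id: bytes) -> bytes:
        # Hardened design: the response binds the terminal's fresh nonce, the
        # amount and the terminal identity under a key that never leaves the
        # card. A captured response is useless against a new nonce or amount.
        msg = nonce + amount_cents.to_bytes(4, "big") + terminal_id
        return self.account_id + hmac.new(self._key, msg, hashlib.sha256).digest()


class Terminal:
    def __init__(self, terminal_id: bytes, issuer_key: bytes) -> None:
        self.terminal_id = terminal_id
        # Simplification: a real terminal forwards the response to the issuer,
        # which holds the per-card key; here the terminal verifies directly.
        self._issuer_key = issuer_key
        self._seen_nonces: set[bytes] = set()

    def accept_static(self, response: bytes, known_accounts: set[bytes]) -> bool:
        # Accepts whatever account ID the card presents, if the issuer knows it.
        return response in known_accounts

    def new_challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._seen_nonces.add(nonce)
        return nonce

    def accept_challenge(self, nonce: bytes, amount_cents: int, response: bytes) -> bool:
        if nonce not in self._seen_nonces:
            return False                    # must be a nonce this terminal issued
        self._seen_nonces.discard(nonce)    # and each nonce is usable exactly once
        tag = response[-32:]
        msg = nonce + amount_cents.to_bytes(4, "big") + self.terminal_id
        expected = hmac.new(self._issuer_key, msg, hashlib.sha256).digest()
        return hmac.compare_digest(tag, expected)


def replay_static(card: Card, terminal: Terminal, known_accounts: set[bytes]) -> tuple[bool, bool]:
    """Eavesdropper records one static tap and replays it later.

    Returns (genuine tap accepted, replayed tap accepted)."""
    captured = card.respond_static()
    genuine = terminal.accept_static(captured, known_accounts)
    replayed = terminal.accept_static(captured, known_accounts)   # attacker's tap
    return genuine, replayed


def replay_challenge(card: Card, terminal: Terminal, amount_cents: int) -> tuple[bool, bool]:
    """Same attacker against the challenge-response design.

    Returns (genuine tap accepted, replayed tap accepted)."""
    nonce = terminal.new_challenge()
    captured = card.respond_challenge(nonce, amount_cents, terminal.terminal_id)
    genuine = terminal.accept_challenge(nonce, amount_cents, captured)
    # Attacker taps later: the terminal issues a new nonce, attacker replays old bytes.
    fresh = terminal.new_challenge()
    replayed = terminal.accept_challenge(fresh, amount_cents, captured)
    return genuine, replayed


if __name__ == "__main__":
    card = Card(ACCOUNT_ID, ISSUER_KEY)
    term = Terminal(TERMINAL_ID, ISSUER_KEY)
    print("static token  (genuine, replay):", replay_static(card, term, {ACCOUNT_ID}))
    print("challenge-resp (genuine, replay):", replay_challenge(card, term, 1250))
```

Running it shows the static design accepting both the genuine tap and the replay, and the challenge-response design accepting only the genuine one. The MAC also covers the amount, so a relayed response cannot be reused to authorise a different charge; the remaining gap, a live relay of the exchange to a distant card, is not addressed by this scheme alone and is one reason a shielded wallet still has a place.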
So are you saying that the premium we pay for Apple products is because of the OS?
Primarily, though not entirely. Oh sure, there is the brand and the design. Those are not free, but by themselves they aren't enough. At the end of the day Apple is a software company. Put Windows or Linux on a Mac and you would be hard pressed to tell it from a Dell or HP without seeing the Apple logo. If the only difference was the hardware, Apple could not command the premiums they do. (That's true for the iPad, iPod and iPhone as well; put Android on them and there really isn't much difference.) What truly differentiates Apple is their software. They bundle it with some well designed hardware and it's different enough that people are willing to pay a premium for it. Apple could sell their software on other people's hardware and it would still be a differentiated product. The reverse is not true: Windows on a Mac is pretty much the same as Windows on any other machine. They don't sell their software standalone for some very good competitive reasons, but it is the core of what allows Apple to have the profit margins they do.
Charlie Miller DID contact Apple. They told him it was a non-issue/not a priority, so he went public 2 weeks later when they made good on their word about not doing anything about it.