Charles Miller has made his reputation hacking Macs. His most recent exploit earned him $10,000 by exposing soft spots in Mac OS X Snow Leopard and Safari in March. It was the third year in a row he hacked into a MacBook at CanSecWest Pwn2Own hacker contest.
Mac Directory sat down with Miller, whose Wikipedia entry describes him as a “security researcher,” to to talk about Apples weaknesses, his rep and whether Apple devices are still safer than PCs.
Question:> It is said that “Apple products” are safer than Windows-based products. Is this really true or are hackers too busy hacking PC-based devices?
Charles Miller > Both of your statements are true. They are safer exactly for the reason that not many criminals are looking at them. Most malware is written with the purpose of compromising as many hosts as possible, and that means Windows. There is nothing inherently more secure about Macs, in fact they’re probably a little easier to break into, but really they are protected for the moment by their limited market share.
Q. > You have successfully exploited Apple products. What makes you the leading and fastest Apple hacker today?
CM > Besides the fact I like and use Apple products, I think a lot of it is I was first to the party. There weren’t many researchers interested in Macs when I started looking at them so I got to find all the low hanging fruit. Apple products are way more secure now than three years ago.
Q. > Safari is obviously a pretty easy target. Why isn’t it being
exploited more in the wild?
CM >….It’s a little easier to hack because it is so full functional. Out of the box, Safari will run any Quicktime file, Flash, Java, etc. By contrast, Internet Explorer won’t parse any of those files. The reason it isn’t being exploited is simply that with only slightly more effort, bad guys can write IE exploits and can break into way more computers with it.
Full interview here.
