Charlie Miller, omul care acum cateva saptamani ne demonstra cat de vulnerabil este nou iOS 5 al companiei Apple printr-un exploit rulat intr-o aplicatie din App Store, a vorbit cu cei de la Engadget despre sistemul de securitate din Mac OS X si iOS. In 2008 el a facut primul exploit pentru Mac OS X si atunci sistemul de operare era mult mai fragil decat astazi, insa lumea nu il vedea asa. De-a lungul anilor el a prezentat diverse exploit-uri pentru sistemul de operare si in final a ajuns sa forteze Apple sa le rezolve. Fiind un utilizator de MacBook-uri el s-a ajutat practic pe sine pentru ca a intarit nivelul de securitate al propriilor produse desi Apple cu siguranta nu a fost prea multumita de ceea ce a vazut pe internet.
Believe it or not, back then, people didn’t believe Macs were vulnerable to anything. So I would say to people who would listen, “Hey, these are just computers, they have bugs, and they have exploits, too.” But they really didn’t see anything like that… I would say that and no one would really believe me. One of the main things I wanted to do was to show that Macs were vulnerable, and at the time, actually quite a bit more vulnerable than say a comparable Windows system. So that’s why I entered… to sort of prove a point. Flaws in that security, and unfortunately it didn’t work. So if you would read the comments on that, people were posting on articles about it, no one really believed it. They were like “Oh, well sure, if you give him physical access,” and of course I didn’t have physical access. Basically, I did it to prove that Macs were as vulnerable as anything else, and actually more so at the time and no one really believed me. And that’s why I went back the second year.
Trecand de la Mac la fratele sau mai mic, Miller sustine ca iOS-ul are un nivel de securitate mult mai bun decat Android OS insa efectuarea unui jailbreak ne lasa fara protectie. El sustine ca in momentul in care facem jailbreak iDevice-urilor noastre practic renuntam la o anumita parte din sistemul de securitate implementat de catre Apple in iOS si permite rularea oricarui gen de cod nesemnat pe iDevice-urile noastre. El nu vede jailbreak-ul ca un lucru absolut necesar si sustine ca toti cei care fac jailbreak ar trebui sa aiba un motiv foarte bun pentru a face acest lucru avand in vedere ca renunta la securitatea din iOS.
Definitely when you jailbreak an iOS device, you’ve really affected the security of the device. You turn off code signing, which means that you can download anything, but it also means you can download anything, meaning it can be bad code too. That’s the one thing everyone knows about, but protection means a lot more, too. Jailbreak adds a bunch more code, it starts running things as root, like as an example, you might have an SSH server running as root, or other programs you install running as root, which is of course a higher level privilege, and they’re very careful on a stock iOS device not to let you do that.
So you’ve got things running, and the new programs that are running, aren’t running in the sandbox anymore. Jailbreak turns off a lot of the memory protection, so the thing that I was talking about before, the flaw I found this time; you get automatically on a jailbroken device. It doesn’t just turn off good things; it turns off a lot of the security, so you really have to want whatever it is that you need with jailbreak, in order to give up all this security. For most people, I can’t imagine it’s worth it, but if there’s something you just have to have, then I guess it’s worth it. For me, for research purposes, I usually have to jailbreak my devices, but right now my phone is not jailbroken.
Mai multe puteti citi in interviul facut de cei de la Engadget.