Zero Day Attack

Charlie Miller spent five years at the National Security Agency where he hacked into foreign computer systems, so hacking the Apple iPhone is cakewalk to him:

Miller’s iPhone offensive showed how anything connected to networks these days can be a target.

He began by connecting his computer to another laptop holding the same software used by the iPhone. Then he typed a command to launch a program that randomly changed data in a file being processed by the software.

The alteration might be as mundane as inserting 58 for F0 in a string of data such as “0F 00 04 F0.” His plan was to constantly launch such random changes, cause the software to crash, then figure out why the substitutions triggered a problem. A software flaw could open a door and let him inside.

“I know I can do it,” Miller, now a cybersecurity consultant, told himself. “I can hack anything.”

After weeks of searching, he found what he was looking for: a “zero day,” a vulnerability in the software that has never been made public and for which there is no known fix.

It's a good thing that Miller actually hacked the iPhone to discover its security flaws so it can be fixed, but "zero day attack" is fast becoming a real nightmare for cyberspace.

The Washington Post has fascinating series of special reports on Zero Day, the first of which is by Robert O'Harrow Jr.: Link

Commenting is closed.
Email This Post to a Friend
"Zero Day Attack"

Separate multiple emails with a comma. Limit 5.


Success! Your email has been sent!

close window