Zero Day Attack
Charlie
Miller spent five years at the National Security Agency where he hacked
into foreign computer systems, so hacking the Apple iPhone is cakewalk to
him:
It's a good thing that Miller actually hacked the iPhone to discover its security flaws so it can be fixed, but "zero day attack" is fast becoming a real nightmare for cyberspace.Miller’s iPhone offensive showed how anything connected to networks these days can be a target.
He began by connecting his computer to another laptop holding the same software used by the iPhone. Then he typed a command to launch a program that randomly changed data in a file being processed by the software.
The alteration might be as mundane as inserting 58 for F0 in a string of data such as “0F 00 04 F0.” His plan was to constantly launch such random changes, cause the software to crash, then figure out why the substitutions triggered a problem. A software flaw could open a door and let him inside.
“I know I can do it,” Miller, now a cybersecurity consultant, told himself. “I can hack anything.”
After weeks of searching, he found what he was looking for: a “zero day,” a vulnerability in the software that has never been made public and for which there is no known fix.
The Washington Post has fascinating series of special reports on Zero Day, the first of which is by Robert O'Harrow Jr.: Link
