X
CNET logo Why You Can Trust CNET

Our expert, award-winning staff selects the products we cover and rigorously researches and tests our top picks. If you buy through our links, we may get a commission. Reviews ethics statement

Researchers who hack the Mac OS

Charlie Miller and Dino Dai Zovi research and publicize security weaknesses in the Mac OS out of passion, and because it's easy.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
See full bio
Elinor Mills
4 min read

Dino Dai Zovi Tehmina Beg

It was summer 2005. Dino Dai Zovi walked into a Manhattan Starbucks, ordered a coffee, sat down, and opened up his laptop.

Before his coffee was cold he had found a local privilege escalation vulnerability in Mac OS X Tiger, which could allow people to elevate from normal user to full super user, and had written code that could exploit the hole.

"I just think that I got lucky, but that's what I always think when I find a bug that quickly," he said in an interview on Wednesday.

Dai Zovi has been exploiting Macs for a long time, publishing his first Mac OS X shellcode (code used as the payload in an exploitation of a vulnerability) for the PowerPC in July 2001. He said he has reported more than 10 vulnerabilities to Apple over the years and does so out of love for the platform.

"I'm an avid Mac user," he said. "So I have a vested interest in them being more secure."

The 29-year-old got an early start in computers, using bulletin boards in second grade and accessing the Internet through a computer running VAX at 13. He taught himself to program and got a computer science degree from the University of New Mexico. While still in college, Dai Zovi worked for the Information Design Assurance Red Team at Sandia National Laboratories, which performs security assessments for the government, military, and commercial industry.

Since then he's worked for consultancies @Stake and Matasano Security, Bloomberg, been director of security at a hedge fund in New York, and now works as chief scientist at Endgame Systems, an information security start-up.

Dai Zovi's Mac hacking hobby has won him some measure of fame. He won the first ever PWN2OWN hacking contest at the CanSecWest security conference in 2007, exploiting a vulnerability in Apple's QuickTime that affected not only Mac-based computers but also those running Windows and for which Safari, Internet Explorer Firefox were vulnerable. (In the contest, participants show up with exploits ready to go. The exploits do not require local access to the systems; they only require that the user visit a web page to simulate a drive-by web exploit, as is common on the Internet today.)

He co-authored a book, The Mac Hacker's Handbook this year with security expert Charlie Miller that argues that contrary to popular belief, the Mac platform is not more secure than Windows, it's just not targeted by malware writers--yet.

"The sky is not falling," Dai Zovi said. But also, "the Mac is not magically protected from malware."

If security features are added to the new version of Mac OS X, Snow Leopard, which is due out on Friday, that could change Dai Zovi and Millers' opinion. (The CNET review of the product is here.)

Charlie Miller Charlie Miller

Miller has won the PWN2OWN contest the past two years. In 2008, he was able to gain control of a Leopard-based MacBook Air using a newly discovered vulnerability in Safari. That took him less than two minutes. This year, it only took him 10 seconds or so to exploit a hole in Safari on a MacBook running Leopard.

Miller is probably best known, though, for being the first to hack the iPhone, discovering a hole in the mobile version of Safari in 2007.

One of the reasons he entered the PWN2OWN contest was to prove that Mac OS security was lacking.

"I had a feeling that Mac was easier (to hack) than Windows," he said. "If I can find the Safari bug or exploit in a few days and it would take me 10 times as long for IE, why would I do that? I go after the easiest guy."

Miller comes from a Linux and Windows background and is relatively new to the Mac platform because he worked in the financial and government sector before becoming a security whiz.

After getting a Ph.D. in mathematics at the University of Notre Dame, Miller worked at the U.S. National Security Agency for five years. Hired as a cryptographer, Miller pushed for computer security training because he was "looking for something else to do."

He then worked at a financial-services firm before moving back to his home town of St. Louis and taking a job as principal analyst at consultancy Independent Security Evaluators, where Macs are standard.

"I hack products I own and use and like," he said. "I want to know how they work and play around with them...I thought the Mac OS and the iPhone were cool."

Updated at 6:58 a.m. PDT with more details about the PWN2OWN contest.