Apple Hacker Charlie Miller To Demo Dangers of Near-Field Communications

An anonymous reader writes "Apple's hacker nemesis Charlie Miller, who the company banned from its app store developer program, apparently hasn't been waiting around for his suspension to be lifted. His latest pet project is hacking near-field communications (NFC), and at Black Hat USA in Vegas this month, he will demonstrate the dangers of using your smartphone to pay your cab fare. (But when his Apple 'sentence' is up, look out)."

What makes you think his "sentence" is ever up?

[crazyjj]

iOS is a walled garden. Apple is under no obligation to let anyone develop for it. If you're going to embarrass and criticize Apple, they are under no obligation to let you do it on their iPhones and iPads (or Macs either, for that matter).

Re:What makes you think his "sentence" is ever up?

[zoward]

iOS is a walled garden. Apple is under no obligation to let anyone develop for it. If you're going to embarrass and criticize Apple, they are under no obligation to let you do it on their iPhones and iPads (or Macs either, for that matter).

On the flip side, he make both Apple and the public aware of the exploits he finds. I'd rather Apple get a black eye over this than have the exploits remain out there where someone nefarious can find them and sell them to an eastern European cartel.

Re:What makes you think his "sentence" is down?

[dutchwhizzman]

As if he couldn't get someone else to proxy for him already. If apple keeps him away and he finds something worth while, he'll find someone else that is willing to front for him and just submit another app to prove his point. Keeping people out is useless, they should be thankful for someone to hilight their security flaws, even if it's bad publicity for them at that moment. Not exposing it and letting someone commit a serious crime on a large scale will hurt Apple more than having someone expose it.

Dear Apple:

[circletimessquare]

The guy is providing you with research and development, for free.

Hire him, you blind idiots.

You'd prefer this hack had been quietly discovered in the wild by somebody who isn't so upfront with the techniques? And then deal with the cost and PR fiasco of violated iPhone users?

Wake up, Apple HQ morons.

Your wallet product is being hardened against exploit, for FREE, and you punish the guy for it.

The Dangers of NFC

[6031769]

Essentially with NFC you have this card/phone in your pocket which all day long is saying to every other device it meets, "Hey, are you an EPoS terminal? I'd really like to pay for something, now!". It is not clear to me why the dangers of this need to be demonstrated, least of all to delegates at BlackHat.

Re:What makes you think his "sentence" is down?

[Anonymous Coward]

Oh Apple is fully within its rights, aside from the breach of fiduciary responsibility. Smart companies pay people like this for their services. Smarter ones give them a free tshirt and work for free. Stupid ones attempt to censor and really stupid ones prosecute.

Re:Dear Apple:

[sideslash]

I have to admit a little bit of schadenfreude at watching Apple gradually lose their reputation for having secure devices. If they didn't have such an arrogant and offensive attitude about the whole thing, it would be easier to sympathize.

Re:Wireless

[GameboyRMH]

Block, yes, spoof, no. Try spoofing a keyfile-secured SSH connection between a laptop and a wireless router.

Re:Dear Apple:

[jo_ham]

What hack is that exactly?

There is no NFC hardware in the iPhone at present.

As to being "idiots", I'm not sure how you arrive at that conclusion. Charlie has a flair for the dramatic and a clear skill at finding holes, sure, but he also antagonises those who (presumably) he is trying to impress (assuming his aim is to be financially rewarded for his work, which I don't think it is).

There are better ways than very publicly violating the terms of your developer agreement and then expecting to get hired. If Apple *did* hire him after that, what does that say for the credibility of their developer agreements? Who would be the "blind idiot" then?

Re:Reading comprehension is good for you

[jo_ham]

If you think that summary *isn't* a blatant swing at Apple, written to make Charlie's completely non-Apple-related NFC hacking look like something to do with Apple and the app store, then I have a bridge to sell you.

If we're jumping to conclusions about what this means for Apple when two of the three sentences specifically mention Apple and his link to them and the "ban" from the App Store for violating his dev agreement. If Apple, the App Store and iOS have nothing to with this then why is 66% of the summary dedicated to it?

The salient point appears to be that he will show something related to NFC hacking at a conference using a "smartphone". Interesting how the particular model of smartphone or the OS it runs is not mentioned, yet the other 66% of the summary heavily mentions Apple. Mmm. Seems legit.

Either way, we know it's not an iPhone or iOS since the iPhone doesn't have any NFC hardware in it, unless he managed to get his hands on the rumoured iPhone 5 prototype that might have it included but no one knows yet.