Ben Hawkes

Ben Hawkes is a computer security expert and white hat hacker from New Zealand, previously employed by Google as manager of their Project Zero. [1] [2]

Hawkes has been credited with finding dozens of flaws in computer software, such as within Adobe Flash, [1] Microsoft Office, [1] [3] Apple's iOS [4] and the Linux kernel. [5] [6] His role was acknowledged, for instance, in an Adobe 2015 security bulletin, which announced updates that addressed critical vulnerabilities that allowed hackers to take control of the affected system. [7] In 2019, he reported two vulnerabilities that could allow hackers to tap iPhone microphones and spy on calls. [8]

Before joining Project Zero, Hawkes was part of the Google team tasked with the security of Google's product launches. [9] Hawkes regularly publishes his research, particularly on vulnerability analysis and software exploitation, such as novel heap exploitation techniques on Windows. [9]

Related Research Articles

Privilege escalation: Gaining control of computer privileges beyond what is normally granted

Privilege escalation is the act of exploiting a bug, a design flaw, or a configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. The result is that an application with more privileges than intended by the application developer or system administrator can perform unauthorized actions.

Ubuntu: Linux distribution developed by Canonical

Ubuntu is a Linux distribution based on Debian and composed mostly of free and open-source software. Ubuntu is officially released in three editions: Desktop, Server, and Core for Internet of things devices and robots. All of the editions can run on a computer alone, or in a virtual machine. Ubuntu is a popular operating system for cloud computing, with support for OpenStack. Ubuntu's default desktop changed back from the in-house Unity to GNOME after nearly 6.5 years in 2017 upon the release of version 17.10.

A zero-day is a computer-software vulnerability previously unknown to those who should be interested in its mitigation, like the vendor of the target software. Until the vulnerability is mitigated, hackers can exploit it to adversely affect programs, data, additional computers or a network. An exploit taking advantage of a zero-day is called a zero-day exploit, or zero-day attack.

Ksplice

Ksplice is an open-source extension of the Linux kernel that allows security patches to be applied to a running kernel without the need for reboots, avoiding downtimes and improving availability. Ksplice supports only the patches that do not make significant semantic changes to kernel's data structures.

Pwnie Awards: Information security awards

The Pwnie Awards recognize both excellence and incompetence in the field of information security. Winners are selected by a committee of security industry professionals from nominations collected from the information security community. Nominees are announced yearly at Summercon, and the awards themselves are presented at the Black Hat Security Conference.

Ubuntu version history: History of the Ubuntu operating system

Ubuntu releases are made semiannually by Canonical Ltd, the developers of the Ubuntu operating system, using the year and month of the release as a version number. The first Ubuntu release, for example, was Ubuntu 4.10 and was released on 20 October 2004. Consequently, version numbers for future versions are provisional; if the release is delayed until a different month to that planned, the version number will change accordingly.

On Apple devices running iOS and iOS-based operating systems, jailbreaking is the use of a privilege escalation exploit to remove software restrictions imposed by the manufacturer. Typically it is done through a series of kernel patches. A jailbroken device permits root access within the operating system and provides the right to install software unavailable through the App Store. Different devices and versions are exploited with a variety of tools. Apple views jailbreaking as a violation of the end-user license agreement and strongly cautions device owners not to try to achieve root access through the exploitation of vulnerabilities.

Lubuntu: Linux distribution based on Ubuntu, utilizing the LXQt desktop environment

Lubuntu is a lightweight Linux distribution based on Ubuntu and uses the LXQt desktop environment in place of Ubuntu's GNOME desktop. Lubuntu was originally touted as being "lighter, less resource hungry and more energy-efficient", but now aims to be "a functional yet modular distribution focused on getting out of the way and letting users use their computer".

Pwn2Own is a computer hacking contest held annually at the CanSecWest security conference. First held in April 2007 in Vancouver, the contest is now held twice a year, most recently in April 2021. Contestants are challenged to exploit widely used software and mobile devices with previously unknown vulnerabilities. Winners of the contest receive the device that they exploited and a cash prize. The Pwn2Own contest serves to demonstrate the vulnerability of devices and software in widespread use while also providing a checkpoint on the progress made in security since the previous year.

JailbreakMe: Series of iOS jailbreaks

JailbreakMe is a series of jailbreaks for Apple's iOS mobile operating system that took advantage of flaws in the Safari browser on the device, providing an immediate one-step jailbreak, unlike more common jailbreaks, such as Blackra1n and redsn0w, that require plugging the device into a computer and running the jailbreaking software from the desktop. JailbreakMe included Cydia, a package management interface that serves as an alternative to the App Store. Although it does not support modern devices, it can still be used and the site is up.

Ubuntu Kylin: Derivative of the Ubuntu operating system

Ubuntu Kylin is the official Chinese version of the Ubuntu computer operating system. It is intended for desktop and laptop computers, and has been described as a "loose continuation of the Chinese Kylin OS". In 2013, Canonical Ltd. reached an agreement with the Ministry of Industry and Information Technology to co-create and release an Ubuntu-based operating system with features targeted at the Chinese market.

Project Zero is a team of security analysts employed by Google tasked with finding zero-day vulnerabilities. It was announced on 15 July 2014.

Parrot OS: Debian-based Linux distribution

Parrot OS is a Linux distribution based on Debian with a focus on security, privacy, and development.

Snap (software): Software deployment system for Linux by Canonical

Snap is a software packaging and deployment system developed by Canonical for operating systems that use the Linux kernel and the systemd init system. The packages, called snaps, and the tool for using them, snapd, work across a range of Linux distributions and allow upstream software developers to distribute their applications directly to users. Snaps are self-contained applications running in a sandbox with mediated access to the host system. Snap was originally released for cloud applications but was later ported to also work for Internet of Things devices and desktop applications.

Dirty COW: Computer security vulnerability

Dirty COW is a computer security vulnerability of the Linux kernel that affected all Linux-based operating systems, including Android devices, that used older versions of the Linux kernel created before 2018. It is a local privilege escalation bug that exploits a race condition in the implementation of the copy-on-write mechanism in the kernel's memory-management subsystem. Computers and devices that still use the older kernels remain vulnerable.

Ian Beer is a British computer security expert and white hat hacker, currently residing in Switzerland and working for Google as part of its Project Zero. He has been lauded by some as one of the best iOS hackers. Beer was the first security expert to publish his findings under the "Project Zero" name in the spring of 2014; at this time, the project was not yet revealed and crediting the newly discovered vulnerabilities to it led to some speculation.

KRACK: Attack on the Wi-Fi Protected Access protocol

KRACK is a replay attack on the Wi-Fi Protected Access protocol that secures Wi-Fi connections. It was discovered in 2016 by the Belgian researchers Mathy Vanhoef and Frank Piessens of the University of Leuven. Vanhoef's research group published details of the attack in October 2017. By repeatedly resetting the nonce transmitted in the third step of the WPA2 handshake, an attacker can gradually match encrypted packets seen before and learn the full keychain used to encrypt the traffic.

Meltdown (security vulnerability): Microprocessor security vulnerability

Meltdown is one of the two original transient execution CPU vulnerabilities. Meltdown affects Intel x86 microprocessors, IBM POWER processors, and some ARM-based microprocessors. It allows a rogue process to read all memory, even when it is not authorized to do so.

Transient execution CPU vulnerabilities are vulnerabilities in a computer system in which a speculative execution optimization implemented in a microprocessor is exploited to leak secret data to an unauthorized party. The classic example is Spectre that gave its name to this kind of side-channel attack, but since January 2018 many different vulnerabilities have been identified.

FORCEDENTRY, also capitalized as ForcedEntry, is a security exploit allegedly developed by NSO Group to deploy their Pegasus spyware. It enables the "zero-click" exploit that is prevalent in iOS 13 and below, but also compromises recent safeguards set by Apple's "BlastDoor" in iOS 14 and later. In September 2021, Apple released new versions of its operating systems for multiple device families containing a fix for the vulnerability.

References

  1. Greenberg, Andy (15 July 2014). "Meet 'Project Zero,' Google's Secret Team of Bug-Hunting Hackers". Wired.com. Retrieved 4 January 2015.
  2. "Ben Hawkes". usenix.org. Retrieved 13 January 2019.
  3. Nichols, Shaun (9 June 2015). "It's 2015 and hackers can hijack your Windows PC if you watch a web video". The Register. Retrieved 19 March 2017.
  4. Bock, Ken. "Jailbreak Exploit for iOS 10.1.1 to be Released Next Week". The Country Caller. Retrieved 19 March 2017.
  5. Nestor, Marius. "Canonical Patches Multiple Kernel Vulnerabilities in All Supported Ubuntu OSes". softpedia. Retrieved 19 March 2017.
  6. Nestor, Marius. "Canonical Patches Multiple OpenSSH Vulnerabilities in Supported Ubuntu OSes". softpedia. Retrieved 19 March 2017.
  7. "Adobe Security Bulletin". helpx.adobe.com. Retrieved 6 March 2019.
  8. Gatlan, Sergiu (8 February 2019). "Apple Patched Two Actively Exploited Zero-Days in iOS 12.1.4". BleepingComputer. Retrieved 6 March 2019.
  9. "Ben Hawkes | USENIX". www.usenix.org. Retrieved 6 March 2019.