Ian Beer (hacker)

Ian Beer is a British computer security expert and white hat hacker, currently residing in Switzerland and working for Google as part of its Project Zero. [1] He has been lauded by some as one of the best iOS hackers. [2] Beer was the first security expert to publish his findings under the "Project Zero" name in the spring of 2014; [3] at that time, the project had not yet been revealed, and crediting the newly discovered vulnerabilities to it led to some speculation. [1]

He is known for discovering a large number of security vulnerabilities in Apple products, including iOS, [1] Safari [3] and macOS, [4] as well as helping create jailbreaks for iOS versions. [5] [6] One such discovery forced Apple to rewrite significant parts of the macOS and iOS kernel. [7] Beer is also a vocal critic of Apple concerning its bug bounty program for iOS announced in 2016. [8] [9] The invite-only program has been accused of low payouts. [8] Beer has also criticized the company for not disclosing to its users why updates that fix the bugs should be installed. [10]

Related Research Articles

Privilege escalation: Gaining control of computer privileges beyond what is normally granted

Privilege escalation is the act of exploiting a bug, a design flaw, or a configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. The result is that an application or user with more privileges than intended by the application developer or system administrator can perform unauthorized actions.

An over-the-air update, also known as over-the-air programming, is an update to an embedded system that is delivered through a wireless network, such as Wi-Fi or a cellular network. These embedded systems include mobile phones, tablets, set-top boxes, cars and telecommunications equipment. OTA updates for cars and internet of things devices can also be called firmware over-the-air (FOTA). Various components may be updated OTA, including the device's operating system, applications, configuration settings, or parameters like encryption keys.

iOS: Mobile operating system by Apple

iOS is a mobile operating system developed by Apple exclusively for its smartphones. It was unveiled in January 2007 for the first-generation iPhone, launched in June 2007. Major versions of iOS are released annually; the current stable version, iOS 18, was released to the public on September 16, 2024.

The Pwnie Awards recognize both excellence and incompetence in the field of information security. Winners are selected by a committee of security industry professionals from nominations collected from the information security community. Nominees are announced yearly at Summercon, and the awards themselves are presented at the Black Hat Security Conference.

iOS jailbreaking is the use of a privilege escalation exploit to remove software restrictions imposed by Apple on devices running iOS and iOS-based operating systems. It is typically done through a series of kernel patches. A jailbroken device typically permits root access within the operating system and provides the right to install software unavailable through the App Store. Different devices and versions are exploited with a variety of tools. Apple views jailbreaking as a violation of the end-user license agreement and strongly cautions device owners not to try to achieve root access through the exploitation of vulnerabilities.

Pwn2Own is a computer hacking contest held annually at the CanSecWest security conference. First held in April 2007 in Vancouver, the contest is now held twice a year, most recently in March 2024. Contestants are challenged to exploit widely used software and mobile devices with previously unknown vulnerabilities. Winners of the contest receive the device that they exploited and a cash prize. The Pwn2Own contest serves to demonstrate the vulnerability of devices and software in widespread use while also providing a checkpoint on the progress made in security since the previous year.

Jay Freeman: American computer scientist

Jay Ryan Freeman is an American businessman and software engineer. He is known for creating the Cydia software application and related software for jailbroken iOS—a modified version of Apple's iOS that allows for the installation and customization of software outside of the regulation imposed by the App Store system.

JailbreakMe: Series of iOS jailbreaks

JailbreakMe is a series of jailbreaks for Apple's iOS mobile operating system that took advantage of flaws in the Safari browser on the device, providing an immediate one-step jailbreak, unlike more common jailbreaks, such as Blackra1n and redsn0w, that require plugging the device into a computer and running the jailbreaking software from the desktop. JailbreakMe included Cydia, a package management interface that serves as an alternative to the App Store. Although it does not support modern devices, the websites remain available for compatible devices.

Hacking of consumer electronics

The hacking of consumer electronics is a common practice that users perform to customize and modify their devices beyond what is typically possible. This activity has a long history, dating from the days of early computer, programming, and electronics hobbyists.

A bug bounty program is a deal offered by many websites, organizations, and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.

The Pangu Team is a Chinese programming team in the iOS community that developed the Pangu jailbreaking tools. These are tools that assist users in bypassing device restrictions and enabling root access to the iOS operating system. This permits the user to install applications and customizations typically unavailable through the official iOS App Store.

Project Zero is a team of security analysts employed by Google tasked with finding zero-day vulnerabilities. It was announced on 15 July 2014.

Zerodium is an American information security company. The company was founded in 2015 with operations in Washington, D.C., and Europe. The company develops and acquires zero-day exploits from security researchers.

Benjamin Kunz Mejri: German IT security specialist and penetration tester

Benjamin Kunz Mejri is a German IT security specialist and penetration tester. His areas of research include vulnerabilities in computer systems, bug bounties, the security of e-payment services and privacy protection. Mejri is known for uncovering new zero-day vulnerabilities and making them transparent to the public.

Pegasus is a spyware developed by the Israeli cyber-arms company NSO Group that is designed to be covertly and remotely installed on mobile phones running iOS and Android. While NSO Group markets Pegasus as a product for fighting crime and terrorism, governments around the world have routinely used the spyware to surveil journalists, lawyers, political dissidents, and human rights activists. The sale of Pegasus licenses to foreign governments must be approved by the Israeli Ministry of Defense.

Ben Hawkes is a computer security expert and white hat hacker from New Zealand, previously employed by Google as manager of their Project Zero.

Apple T2: System on a chip (SoC) designed by Apple Inc.

The Apple T2 security chip is a system on a chip (SoC) tasked with providing security and controller features to Apple's Intel-based Macintosh computers. It is a 64-bit ARMv8 chip and runs bridgeOS. T2 has its own RAM and is essentially a computer of its own, running in parallel to and responding to requests by the main computer that the user interacts with.

Speculative Store Bypass (SSB) is the name given to a hardware security vulnerability and its exploitation that takes advantage of speculative execution in a similar way to the Meltdown and Spectre security vulnerabilities. It affects the ARM, AMD and Intel families of processors. It was discovered by researchers at Microsoft Security Response Center and Google Project Zero (GPZ). After being leaked on 3 May 2018 as part of a group of eight additional Spectre-class flaws provisionally named Spectre-NG, it was first disclosed to the public as "Variant 4" on 21 May 2018, alongside a related speculative execution vulnerability designated "Variant 3a".

The iOS mobile operating system developed by Apple has had a wide range of bugs and security issues discovered throughout its lifespan, including security exploits discovered in most versions of the operating system related to the practice of jailbreaking, bypassing the user's lock screen, issues relating to battery drain, crash bugs encountered when sending photos or certain Unicode characters via text messages sent through the Messages application, and general bugs and security issues later fixed in newer versions of the operating system.

FORCEDENTRY, also capitalized as ForcedEntry, is a security exploit allegedly developed by NSO Group to deploy their Pegasus spyware. It enables the "zero-click" exploit that is prevalent in iOS 13 and below, but also compromises recent safeguards set by Apple's "BlastDoor" in iOS 14 and later. In September 2021, Apple released new versions of its operating systems for multiple device families containing a fix for the vulnerability.

References

  1. Greenberg, Andy (15 July 2014). "Meet 'Project Zero,' Google's Secret Team of Bug-Hunting Hackers". Wired.com. Retrieved 4 January 2015.
  2. Koebler, Jason; Franceschi-Bicchierai, Lorenzo (9 August 2018). "Google Hacker Asks Tim Cook to Donate $2.45 Million In Unpaid iPhone Bug Bounties". Motherboard. Retrieved 8 March 2019.
  3. Schmidt, Jürgen (15 July 2014). "Google schickt Elite-Hacker auf die Jagd nach Sicherheitslücken". Heise Security (in German). Retrieved 19 March 2017.
  4. Donath, Andreas (26 October 2016). "Sicherheitslücken: macOS Sierra 10.12.1 unbedingt aufspielen - UBERGIZMO DE". de.ubergizmo.com (in German). Retrieved 19 March 2017.
  5. Popa, Bogdan. "First iPhone 7 Jailbreak (iOS 10.1.1) Now Available for Download". softpedia. Retrieved 19 March 2017.
  6. Becker, Leo (22 December 2016). "Yalu: Erster öffentlicher Jailbreak für iOS 10". Heise Security (in German). Retrieved 19 March 2017.
  7. Chirgwin, Richard (27 October 2016). "How Google's Project Zero made Apple refactor its kernel". The Register. Retrieved 19 March 2017.
  8. Bradbury, Danny (5 March 2019). "Security Researcher Changes Mind over Apple Bug". Infosecurity Magazine. Retrieved 8 March 2019.
  9. Leswing, Kif. "An elite Google hacker is directly challenging Apple CEO Tim Cook to donate over $2 million to charity". Business Insider. Retrieved 8 March 2019.
  10. Tung, Liam (19 October 2018). "Google warns Apple: Missing bugs in your security bulletins are 'disincentive to patch'". ZDNet. Retrieved 8 March 2019.