Crashing The iPhone
BURLINGAME - Italian systems engineer Piergiorgio Zambrini won fame and money last year when he created "Ziphone," the first widespread application that unlocked iPhones to run on mobile carriers other than AT&T. Now he's making another bid for the spotlight by revealing a bug that can crash the iPhone and, he says, other devices including iPods and Apple computers. Zambrini planned to publish news about the bug Monday--although he's saving the technical details for Apple, he says--at least for now.
The 38-year-old security expert praises Apple's marketing prowess and calls Steve Jobs a genius. But there are chinks in Apple's software--and Zambrini is determined to uncover them.
The bug Zambrini found is in the audio portion of Apple's video format. Knowing the bug exists, someone could write a program that incorporates the bug into a video file and trigger a crash whenever an iPhone attempts to run that file. The bug, which is located in a shared code library that is used across most Apple operating systems and some Linux ones as well, doesn't appear to cause any permanent damage, but immediately sends the device into a panic that leads to a lengthy reboot.
Forbes.com has confirmed that it crashes the latest generation of iPhones. Zambrini asserts it can take down any Apple iPod or iPhone, too.
Zambrini told Forbes.com that he spotted the bug in July, and sent an e-mail to Jobs explaining what he found. He also applied for a position Apple was advertising at the time: iPhone security engineer. "I usually have the skill to find things where people don't look," Zambrini says. So far Apple hasn't responded to his resume.
The engineer attracted a big audience last year when his code unlocked the iPhone, thus making it possible to use the phone on other networks. Zambrini, who now works as an independent security consultant, maintains that his only reason for prying open Apple's proprietary device in the first place was to allow people abroad to use the phone with their home service.
His work drew a crowd: Zambrini's iPhone-unlocking software site, Ziphone.org, has had 15 million unique visitors worldwide this year. Donations and advertisements have provided Zambrini with a healthy revenue stream. Although he's coy about revealing how much he's made, Zambrini says that at the peak of Ziphone's popularity, the site scored a new donation every minute. On his best day, he received more than $10,000 in donations, he says. These days he charges advertisers $4,000 a month to display a banner ad.
As Apple has expanded iPhone sales to some 72 countries, Zambrini concedes that there's less "need" for the kind of "jailbreak" software that he wrote. Apple is "doing all the right things," by expanding its services internationally and letting consumers download applications via the App Store, he adds. And indeed, traffic to Zambrini's site started to tail off after this summer's release of Apple's iPhone 3G.
Is that why he applied for a job with Apple? "My target is not to work for Apple, but who knows?" Zambrini says. "Just maybe a chat with someone there--with Steve Jobs if possible--could lead to anything," he says. Zambrini acknowledges the donation model that has allowed him to work as an independent security consultant, but says his bug discovery isn't worth very much to anyone outside of Apple. "People will never donate something just to see a phone crash," he says.
Then again, someone might be willing to pay for that kind of information.
According to TippingPoint, a computer security company that pays for such vulnerabilities, an undisclosed flaw like the one Zambrini found can fetch a price on the open market from a few thousand to tens of thousands of dollars. "If he wanted to cash in on it he could always try taking it to us or one of the other exploit-purchasing companies," says Cameron Hotchkies, a reverse engineer and Apple expert at TippingPoint.
"The fact that it's in a video file isn't really surprising to me," Hotchkies notes. "I'm actually surprised that it's crashing the device rather than crashing the Web browser because that means he's got a kernel vulnerability in the iPhone."
Large software companies like Apple and Microsoft typically have security response teams set up to deal with bugs found by community programmers and independent security researchers. TippingPoint says Zambrini could also probably sell the bug to government or at private auction, but that software companies also typically set up security response teams to encourage direct disclosure.
Hotchkies says that Microsoft is currently the leader in security response but Apple is quickly catching up. "Over the past year they've sort of stepped up their security response and their security team," he says. "Usually within a day I get a handwritten follow-up e-mail from someone on their security team telling me who's working on it, so that way I know there's somebody taking a look at it."
Zambrini says he hasn't yet contacted Apple's security response team. Forbes.com informed an Apple spokesman about the flaw and is still awaiting an official comment.
Along with another security expert, Zambrini says he's still exploring the bug's potential for malicious applications like arbitrary code injection, which would enable remote hackers to compromise a device. So far, he says he has not found that level of a security flaw but does not rule it out: "We can't say it's not possible," Zambrini says. "This thing needs to be studied a little bit deeper."