A member of Google's Project Zero security team has asked Apple chief executive Tim Cook to change the company's culture as far as iOS security goes, saying Apple merely fixes bugs and does not try to remove the systemic roots that lead to such vulnerabilities.
Ian Beer asked Cook to donate US$2.5 million to Amnesty International - roughly the amount that he would have earned from Apple's bug bounty program had he chosen to do so.
Beer made his comments during a presentation at the Black Hat 2018 conference in Las Vegas on Wednesday. He has found more than 30 bugs in iOS and presented the details of a number of them during his talk, a report in ThreatPost said.
He did not blame individual security researchers, but rather organisations who had people in charge of security with academic, rather than exploit, backgrounds.
“Undeniably these people have really strong engineering security skillsets. But, they don’t have an exploitation background… Their focus is on the design of the system and not on exploitation,” he said.
“Please, we need to stop just spot-fixing bugs and learn from them, and act on that.”
Apple set up its bug bounty program two years ago, saying that all bug reports would be taken seriously and that it would consider paying rewards to those who were outside the program.
Beer's call to donate to Amnesty was because the organisation said recently that one of its staff has been targeted with powerful smartphone malware known as Pegasus which is sold by an Israel-based company NSO Group.
He said that Apple should lock down iOS because the victims of advanced persistent threats were increasingly users of iPhones.
“Targeted exploitation is more widespread than you think,” he said.
Beer said using bug fixes as a means of measuring a company's security credentials was flawed. Describing it as a security blanket that only offered the illusion of progress, he said one should understand the culture that led to the bugs and change that.
INTRODUCING ITWIRE TV
iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.
We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.
In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.
We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.
See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.
SEE WHAT'S ON ITWIRE TV NOW!
