The man who cracked Apple’s security protocols and unlocked the first iPhone gave us all a five-minute hacking lesson, courtesy of Viceland’s Cyberwar series.
In a clip that didn’t make it on television, George Hotz (aka “geohot”) takes host Ben Makuch through the steps necessary for him to gain access to a laptop connected to WiFi.
For the purposes of the demo, Hotz placed a laptop in his office and connected it to his WiFi network. But, he explains, it could just as well be connected to the Internet.
It also has a piece of vulnerable software installed on it, which is not uncommon given the weekly reports of bugs being found that, quite often, go unfixed.
He gets a bit technical in his explanation, but basically, Hotz figured out what software this laptop was running, and then he researched what vulnerabilities existed for it. From there, he could gain an understanding of how he would actually hack it, through a buffer overflow exploit that allows him to seize control.
“So I developed this exploit for this program, based on this vulnerability,” he says, explaining that his exploit is just 65 lines of code.
Though the video is compressed for time, it’s a good insight into the reasoning and methodology that a hacker really would use: Search for a problem in software, build something that will give you a way in, and then go from there. It’s worth noting that something like this — developing a new, unknown software exploit as Hotz did — usually takes far longer than five minutes.
Once he deploys his exploit on the targeted laptop, he gets what’s known as a shell, which means he can now throw whatever commands he wants at the computer, without any authentication.
Hotz shows how he can pull up the web browser and have it go to his website. Or he could make it run the calculator. Though he doesn’t show it in the video, he could also very easily activate the webcam and just watch. But it’s important to note that most hackers aren’t going to give themselves away by pulling up random pieces of software.
“If I was actually targeting someone, I wouldn’t pop up web browsers letting them know that I’m there,” he says. “I have a shell. I can navigate around their computer, see what’s on it, without them even seeing anything. That’s the key.”