Apple security team adds British white hat hacking talent

From Redmond to Cupertino for Kristin Paget


Apple has added to its growing security team with the hiring of noted white-hat hacker Kristin Paget, who broke and then got hired to fix Windows security, Wired reports.

Kristin Paget, formerly Chris and originally from the UK but lately of California, is the inventor of the term "shatter attack" in a 2002 paper on a system for privilege-escalation attacks on applications in Windows NT, 2000, and XP operating systems. Microsoft issued a partial patch for the problem in December, but it wasn't finally fixed until Vista came out.

One of the reasons for that fix was that Redmond had made the canny move of hiring Paget and a team of other hackers to beef up the security on Vista. They gained renown – and caused Microsoft not a little aggravation – by delaying the launch of Vista after finding a critical security failure at the last minute.

Paget has made a name for herself with a number of interesting hacks across the technological spectrum outside of the world of pure software. In 2007 she was forced to pull out of a Black Hat conference talk on hacking building entry systems under threat of legal sanction from a major US RFID manufacturer.

A few years later, she showed off a $250 proof-of-concept device that cloned three passport card RFID tags during a 20-minute drive in downtown San Francisco. Later that year she demoed a $4,000 prototype that could match the random channel-hopping systems used by GSM, allowing extended eavesdropping.

At the 2010 DefCon security conference, Paget set up a spoof GSM base station in the conference hall that hacked many of the audience's phones and left them messages telling them their security had been compromised. All participants had been warned beforehand – Paget's good, but she's strictly white hat.

Paget has worked at a variety of security consultancies since her sojourn at Redmond, but in July she announced on her Twitter feed that she was looking for another job. "I've done too much breaking of things, it's time to create for a change," she said.

It now appears that Apple has scooped her up as part of its attempts to beef up security and fend off a growing malware threat. Cupertino has been quietly hiring security experts for a few years now, although many haven't lasted long at the company, citing Apple's tricky corporate culture.

While Paget has been a regular on the DefCon/Black Hat/Shmoocon hacking conference circuit, it's not clear whether her new employers will allow her to continue. Apple's first presentation at Black Hat this year was widely mocked as insultingly low in information, whereas Paget is more of a full-disclosure type of person.

Nevertheless, Apple has itself a valuable asset in Paget, and it's going to be interesting to see what kind of changes will sneak into iOS and OS X that come from their new hire. ®


Other stories you might like

  • Apple’s M2 chip isn’t a slam dunk, but it does point to the future
    The chip’s GPU and neural engine could overshadow Apple’s concession on CPU performance

    Analysis For all the pomp and circumstance surrounding Apple's move to homegrown silicon for Macs, the tech giant has admitted that the new M2 chip isn't quite the slam dunk that its predecessor was when compared to the latest from Apple's former CPU supplier, Intel.

    During its WWDC 2022 keynote Monday, Apple focused its high-level sales pitch for the M2 on claims that the chip is much more power efficient than Intel's latest laptop CPUs. But while doing so, the iPhone maker admitted that Intel has it beat, at least for now, when it comes to CPU performance.

    Apple laid this out clearly during the presentation when Johny Srouji, Apple's senior vice president of hardware technologies, said the M2's eight-core CPU will provide 87 percent of the peak performance of Intel's 12-core Core i7-1260P while using just a quarter of the rival chip's power.

    Continue reading
  • Workers win vote to form first-ever US Apple Store union
    Results set to be ratified by labor board by end of the week

    Workers at an Apple Store in Towson, Maryland have voted to form a union, making them the first of the iGiant's retail staff to do so in the United States.

    Out of 110 eligible voters, 65 employees voted in support of unionization versus 33 who voted against it. The organizing committee, known as the Coalition of Organized Retail Employees (CORE), has now filed to certify the results with America's National Labor Relations Board. Members joining this first-ever US Apple Store union will be represented by the International Association of Machinists and Aerospace Workers (IAM).

    "I applaud the courage displayed by CORE members at the Apple store in Towson for achieving this historic victory," IAM's international president Robert Martinez Jr said in a statement on Saturday. "They made a huge sacrifice for thousands of Apple employees across the nation who had all eyes on this election."

    Continue reading
  • Apple dev roundup: Weather data meets privacy, and other good stuff
    No AR/VR glasses but at least RoomPlan will let you make rapid 3D room maps

    WWDC Apple this week at its Worldwide Developer Conference delivered software development kits (SDKs) for beta versions of its iOS 16, iPadOS 16, macOS 13, tvOS 16, and watchOS 9 platforms.

    For developers sold on seeking permission from Apple to distribute their software and paying a portion of revenue for the privilege, it's a time to celebrate and harken to the message from the mothership.

    While the consumer-facing features in the company's various operating systems consist largely of incremental improvements like aesthetic and workflow enhancements, the developer APIs in the underlying code should prove more significant because they will allow programmers to build apps and functions that weren't previously possible. Many of the new capabilities are touched on in Apple's Platforms State of the Union presentation.

    Continue reading

Biting the hand that feeds IT © 1998–2022