Google Project Zero security researcher moves to Apple
A researcher who worked for Google's Project Zero is departing the security team and moving over to Apple, to help the iPhone maker improve the security of iOS and its other operating systems.
In an announcement on Twitter on Saturday, Brandon Azad confirmed he was leaving Project Zero in favor of a position at Apple in the following week. He will be joining Apple to "continue my work improving Apple device security."
Project Zero is Google's security research team that concentrates on finding security issues and vulnerabilities in software, both in Google's own products and in those of other major firms. The team works to improve the security of devices and software the general public uses by pointing out the issues to device producers, before performing an ethical disclosure of its findings.
Its work includes finding a collection of zero-click bugs in Apple's Image I/O framework affecting all of Apple's major platforms, and discovering exploits in hacked websites targeting iPhones.
Azad is known for his work on iOS issues, and has been credited in Apple's patch notes for both iOS and macOS releases multiple times. By moving to Apple, Azad may be able to assist in plugging some of the security holes he finds externally before they get discovered by research teams like Project Zero.
In tweets, Azad calls his time at Project Zero "amazing" and says it's "been an honor to share in this wonderful mission." His teammates were among "the kindest and smartest people I've met, and I've learned so much from them," he adds, before thanking them and urging them to "keep on hacking."
My teammates at Project Zero have been among the kindest and smartest people I've met, and I've learned so much from them. I'll really miss working alongside everyone on the team. Thank you all for these wonderful experiences, and keep on hacking!
-- Brandon Azad (@_bazad)
Comments
A) virtually no Android exploits actually impact real world end users
B) nearly all Android vulnerabilities are due to bypassing Google Play and sideloading apps - which means that Apple fans who call Android a monopoly and demand that governments need to it up would result in more security issues not less. Do Apple fans want this in order for the increased security problems to force more customers who otherwise would be happy and satisfied by Android into iOS unwillingly?
C) The open nature of Android makes accomplishing real security impossible. Google learned from this and has since made every other platform i.e. ChromeOS, Wear OS and Android TV very much closed down. You cannot so much as even obtain an image of ChromeOS to create a virtual machine or use with Bootcamp. As a result virtually no security issues - even the type that results in no end user exploits and are easily avoided like in Android - exist on ChromeOS and the others.
D) if your core complaint is Google having Project Zero at all, well there was nothing preventing Apple from investing the massive resources and leadership that it took to create the best private cybersecurity research team in the world in Project Zero. You should bash Apple for not creating their own team instead of bashing Google for having this sort of initiative. Instead Apple is reduced to acqui-hiring someone that Google put in the hard work of identifying and training.
https://www.androidcentral.com/strandhogg-20-steals-data-posing-legitimate-android-apps
The OP claim of "virtually no Android exploits" still looks OK if Strandhogg was all you could find.
https://www.gsmarena.com/android_11-review-2165p3.php
Surely you didn't approve those permissions if the app requested it.
Neither 10 nor the current Android 11 was vulnerable to begin with, and FWIW Version 2 of the "exploit" was reportedly never seen in the wild thanks to Android's relatively open-source nature and security researchers who can regularly examine its code.
AFAICT things worked exactly as they are supposed to. Exploit identified, the OS provider notified, update with fix prepared and rolled out, and the exploit then publicly revealed. Isn't that the way things should go whether it's a Mac, or Windoze, or Android, or iOS exploit? No harm to users is the goal and that's the end result in this case.
If you disagree explain why.
Wow! I cannot wait until 2030 when all "Google Android"* iKnockoffs are running today's software! Not to mention companies like Samsung that refuse to patch security updates on their knockoff iPhones and knockoff iPads.
*See what he did there? Being carefully selective as he knows android is a fragmented dump.
Drinking that delusion-ade aye?
"A) virtually no Android exploits actually impact real world end users"
Yeah tell that to the possibly 2 billion users who may be a victim of StageFright. A virus that potentially infected all knockoff iPhones and the media turned the other way while nit-picking at Apple and making crap up (remember the fake news articles about China implanting chips on iPhone? Funny how people tend to forget things they gave credibility to).
You're the same guy who thinks Android invented the iPhone! LOL !!!
But of course everyone is lying and only Apple haters tell the truth. Android has ZERO vulnerabilities and malware no matter what we've seen ourselves. I once helped my mom on her knockoff iPhone and that thing was INFESTED with ads. The lockscreen, during regular use, ads EVERYWHERE. She only buys knockoff iPhones for the same reason most iKnockoff users do: cheap.
But Stagefright was not entirely without purpose. It was what prompted Google to begin regular monthly security patches. Out of the FUD rose something good.