iPhone Hacked at CanSecWest Contest

25 Mar 2010 | Apple , Security | 0 comments


apple iphone 3gs hackedYet another sad year for security. Yesterday at the annual Pwn2Own hacker contest at the CanSecWest security show, the iPhone together with IE8, Firefox and Safari have been hacked.

To qualify for the prizes, the hackers had to exploit unknown vulnerabilities to expose system data or to allow remote access or code execution.

Ralf Philipp Weinmann and Vincenzo Iozzo won the $15,000 prize for hacking the iPhone. Their exploit, written in two weeks, was designed to steal the iPhone SMS database, which included deleted messages.

In order for the attack to work, the victim had to visit a Web site with malicious code on it. The code would execute and upload the iPhone's SMS database to the hacker's server. The script bypasses the digital code signatures used on the iPhone to verify that the code in memory is from Apple.

Charlie Miller, security analyst at Independent Security Evaluators, won $10,000 after hacking Safari on a MacBook Pro without having physical access to the machine. Peter Vreugdenhil, an independent security researcher, won $10,000 for using his exploit to bypass security features in IE 8. Nils, head of research at MWR InfoSecurity, received $10,000 for hacking Firefox.