
iPhone Hacked in 20 Seconds at Pwn2Own

Source: Tom's Hardware US | 27 comments

Two European researchers have successfully hacked a fully patched iPhone and exfiltrated the device's entire SMS database in 20 seconds.

ZDNet reports that Vincenzo Iozzo and Ralf Philipp Weinmann exploited a previously unknown vulnerability and had the target iPhone visit a website containing malicious code. Weinmann, a 32-year-old from the University of Luxembourg, collaborated with Iozzo, a 22-year-old Italian researcher from Zynamics, to find the vulnerability and write the exploit. Once they put everything in place, the hack took just 20 seconds.

"Basically, every page that the user visits on our [rigged] site will grab the SMS database and upload it to a server we control," Weinmann said, according to ZDNet.

Weinmann went on to say that in addition to taking the SMS database, the exploit could have taken the phone's contact list (for both phone and email), photographs and iTunes files.

ZDNet cites Weinmann as saying there’s a non-root user called ‘mobile’ with certain user privileges in the iPhone Sandbox. "With this exploit, I can do anything that ‘mobile’ can do," he said.

Weinmann and Iozzo won $15,000 and got to keep the iPhone.

Top Comments
  • 34
    dman3k, March 25, 2010 5:36 PM
    Apple and security is like Jello and concrete.

    Security by obscurity.
  • 33
    restatement3dofted, March 25, 2010 5:46 PM
    jhansonxi: "Windows and security is like a fart and concrete."

    Microsoft has absolutely nothing to do with people successfully manipulating an iPhone - it is completely irrelevant. Go troll elsewhere.
  • 23
    Jerky_san, March 25, 2010 5:54 PM
    mikewong27: "all OS has security issues..."

    It's just as he says.. every OS is made by man.. thus another man can find a flaw and exploit it. That's just life.. But just like everything else if you build it well enough the cracks will be much harder to notice..
Other Comments
  • 22
    amabhy, March 25, 2010 5:35 PM
    Give people money and prizes and anything can be done.
  • 10
    Anonymous, March 25, 2010 5:48 PM
    all OS has security issues...
  • 6
    rtfm, March 25, 2010 5:52 PM
    what no link? :p
  • 8
    Anonymous, March 25, 2010 5:55 PM
    Misleading title at best. "Once they put everything in place, the hack took just 20 seconds." Like saying, once I built the car, it took 5 seconds for the engine to start when I turned the key. Ah, yeah, lol.
  • 20
    Boxa786, March 25, 2010 5:55 PM
    I can understand the apple comment, but why the hatred for windows on an apple article? Dman made no reference in comparing apple vs windows, ROFL, apple fan ftl?
  • 4
    ikefu, March 25, 2010 6:20 PM
    It makes you wonder what kind of other things we could get accomplished if we would start offering cash prizes for other technological feats.
  • 4
    eyemaster, March 25, 2010 6:36 PM
    Please fix the first paragraph, I can't really read the structure...
  • 6
    Anonymous, March 25, 2010 6:37 PM
    jkljlk

    there are some hacks that need brute force computational power, this one is a simple drive by ordeal.... imagine visiting a website on your iPhone and having the contents copied
  • 4
    JohnnyLucky, March 25, 2010 6:48 PM
    Another example demonstrating there is no privacy on the Internet.
  • 0
    kingssman, March 25, 2010 7:20 PM
    step one, go to infected unsecured dangerous website
    step two, click yes to allow ((((hacking of my device)))
    step three, claim ZOMG!! I've Been HACKED!!
  • 9
    jhansonxi, March 25, 2010 9:37 PM
    soldier37: "Now if they could just hack and redo Obama Care and reverse it Life would be good again!"

    Please limit yourself to tech-related trolling while on Tom's.
  • 1
    SAL-e, March 25, 2010 10:00 PM
    Wait a minute. Apple's lawyers told us that the only reason to lock the phone and jail-breaking is illegal was for security reasons.
    /sarcasm
    So why is the iPhone locked again?!
  • 0
    hoof_hearted, March 25, 2010 10:04 PM
    alpine dottie
  • 0
    eddieroolz, March 25, 2010 11:19 PM
    They get to keep the iPhone, but something tells me that they'll be selling it for some change.
  • 3
    orionantares, March 25, 2010 11:31 PM
    Was this a weakness in the iPhone OS or was this a weakness in its Safari browser?