iPhone Hacked in 20 Seconds at Pwn2Own
Two European researchers have successfully hacked a fully patched iPhone and exfiltrated the device's entire SMS database in 20 seconds.
ZDNet reports that Vincenzo Iozzo and Ralf Philipp Weinmann exploited a previously unknown vulnerability by having the target iPhone visit a website containing malicious code. Weinmann, a 32-year-old from the University of Luxembourg, collaborated with Iozzo, a 22-year-old Italian researcher from Zynamics, to find the vulnerability and write the exploit. Once they put everything in place, the hack took just 20 seconds.
"Basically, every page that the user visits on our [rigged] site will grab the SMS database and upload it to a server we control," Weinmann said, according to ZDNet.
Weinmann went on to say that in addition to taking the SMS database, the exploit could have taken the phone's contact list (for both phone and email), photographs and iTunes files.
ZDNet cites Weinmann as saying there’s a non-root user called ‘mobile’ with certain user privileges in the iPhone Sandbox. "With this exploit, I can do anything that ‘mobile’ can do," he said.
Weinmann and Iozzo won $15,000 and got to keep the iPhone.
Give people money and prizes and anything can be done.
Apple and security is like Jello and concrete.
Security by obscurity.
Windows and security is like a fart and concrete.
Windows and security is like a fart and concrete.
Microsoft has absolutely nothing to do with people successfully manipulating an iPhone - it is completely irrelevant. Go troll elsewhere.
all OS has security issues...
what no link?
all OS has security issues...
It's just as he says.. every OS is made by man.. thus another man can find a flaw and exploit it. That's just life.. But just like everything else if you build it well enough the cracks will be much harder to notice..
Misleading title at best. "Once they put everything in place, the hack took just 20 seconds." Like saying, once I built the car, it took 5 seconds for the engine to start when I turned the key. Ah, yeah, lol.
I can understand the apple comment, but why the hatred for windows on an apple article? Dman made no reference in comparing apple vs windows, ROFL, apple fan ftl?
We never had these sort of security issues back in the Windows Me days.
It makes you wonder what kind of other things we could get accomplished if we would start offering cash prizes for other technological feats.
Please fix the first paragraph, I can't really read the structure...
there are some hacks that need brute force computational power, this one is a simple drive by ordeal.... imagine visiting a website on your iPhone and having the contents copied
Another example demonstrating there is no privacy on the Internet.
step one, go to infected unsecured dangerous website
step two, click yes to allow ((((hacking of my device)))
step three, claim ZOMG!! I've Been HACKED!!
Now if they could just hack and redo Obama Care and reverse it Life would be good again!
Now if they could just hack and redo Obama Care and reverse it Life would be good again!
Please limit yourself to tech-related trolling while on Tom's.
Wait a minute. Apple's lawyers told us that only reason to lock the phone and jail-breaking is illegal was for security reasons.
/sarcasm
So why the iPhone is locked again?!
alpine dottie
They get to keep the iPhone, but something tells me that they'll be selling it for some change.
Was this a weakness in the iPhone OS or was this a weakness in its Safari browser?
Apple,
My iPhone is not secure. There is an application that is being exploited.
The application is Safari. Please remove from App Store.
Thanks,
iPhone User
Windows and security is like a fart and concrete.
Please limit yourself to tech-related trolling while on Tom's.
Please limit yourself to trolling the topic at hand.
15 sec was the drum roll...
5 sec the exploit
and why keep the iPhone? After proving its weakness, no point.
' It took Weinmann, a 32-year-old from the University of Luxembourg, collaborated and Iozzo, a 22-year-old Italian researcher from Zynamic, to find the vulnerability and write the exploit. '
is it just me, or does that make no sense?
That takes a great deal of talent. God would hate me if I learned to hack an iPhone.
20 seconds is already too much for a pre-scripted attack - weak network signal, slow connection, or was the carrier experiencing some traffic jams?
The moral of the story is simple: today's browser architectures, with all the extensions, and "features not bugs" baggage for the eye-candy factor, are fundamentally flawed.
' It took Weinmann, a 32-year-old from the University of Luxembourg, collaborated and Iozzo, a 22-year-old Italian researcher from Zynamic, to find the vulnerability and write the exploit. 'is it just me, or does that make no sense?
It doesn't have to... modern "journalism" is not anymore about respecting grammatical or syntactical rules, factuality, ethics, or even common sense... it's more about hype, ratings, and filling the quota. You gotta love those word processors, most offer a word count feature - what simpler metric for quickly quantifying the intellectual effort can you ask for, and get?
Now if they could just hack and redo Obama Care and reverse it Life would be good again!
Amen!!...at least Obama uses a Blackberry.