iPhone Hacked in 20 Seconds at Pwn2Own

ZDNet reports that Vincenzo Iozzo and Ralf Philipp Weinmann exploited a previously unknown vulnerability and had the target iPhone visit a Web Site containing malicious code. It took Weinmann, a 32-year-old from the University of Luxembourg, collaborated and Iozzo, a 22-year-old Italian researcher from Zynamic, to find the vulnerability and write the exploit. Once they put everything in place, the hack took just 20 seconds.

"Basically, every page that the user visits on our [rigged] site will grab the SMS database and upload it to a server we control," Weinmann said, according to ZDNet.

Weinmann went on to say that in addition taking the SMS database, the exploit could have taken the phone's contact list (for both phone and email), photographs and iTunes files.

ZDNet cites Weinmann as saying there’s a non-root user called ‘mobile’ with certain user privileges in the iPhone Sandbox.  "With this exploit, I can do anything that ‘mobile’ can do," he said.

Weinmann and Iozzo won $15,000 and got to keep the iPhone.

Create a new thread in the US News comments forum about this subject
This thread is closed for comments
27 comments
Comment from the forums
    Your comment
    Top Comments
  • dman3k
    Apple and security is like Jello and concrete.

    Security by obscurity.
    35
  • restatement3dofted
    jhansonxiWindows and security is like a fart and concrete.


    Microsoft has absolutely nothing to do with people successfully manipulating an iPhone - it is completely irrelevant. Go troll elsewhere.
    33
  • Jerky_san
    mikewong27all OS has security issues...


    Its just as he says.. every OS is made by man.. thus another man can find a flaw and exploit it. Thats just life.. But just like everything else if you build it well enough the cracks will be much harder to notice..
    23
  • Other Comments
  • amabhy
    Give people money and prizes and anything can be done.
    22
  • dman3k
    Apple and security is like Jello and concrete.

    Security by obscurity.
    35
  • jhansonxi
    Windows and security is like a fart and concrete.
    -35