iPhone Hacked in 20 Seconds at Pwn2Own

ZDNet reports that Vincenzo Iozzo and Ralf Philipp Weinmann exploited a previously unknown vulnerability and had the target iPhone visit a Web Site containing malicious code. It took Weinmann, a 32-year-old from the University of Luxembourg, collaborated and Iozzo, a 22-year-old Italian researcher from Zynamic, to find the vulnerability and write the exploit. Once they put everything in place, the hack took just 20 seconds.

"Basically, every page that the user visits on our [rigged] site will grab the SMS database and upload it to a server we control," Weinmann said, according to ZDNet.

Weinmann went on to say that in addition taking the SMS database, the exploit could have taken the phone's contact list (for both phone and email), photographs and iTunes files.

ZDNet cites Weinmann as saying there’s a non-root user called ‘mobile’ with certain user privileges in the iPhone Sandbox.  "With this exploit, I can do anything that ‘mobile’ can do," he said.

Weinmann and Iozzo won $15,000 and got to keep the iPhone.

  • amabhy
    Give people money and prizes and anything can be done.
    Reply
  • dman3k
    Apple and security is like Jello and concrete.

    Security by obscurity.
    Reply
  • jhansonxi
    Windows and security is like a fart and concrete.
    Reply
  • restatement3dofted
    jhansonxiWindows and security is like a fart and concrete.
    Microsoft has absolutely nothing to do with people successfully manipulating an iPhone - it is completely irrelevant. Go troll elsewhere.
    Reply
  • all OS has security issues...
    Reply
  • rtfm
    what no link? :p
    Reply
  • Jerky_san
    mikewong27all OS has security issues...
    Its just as he says.. every OS is made by man.. thus another man can find a flaw and exploit it. Thats just life.. But just like everything else if you build it well enough the cracks will be much harder to notice..
    Reply
  • Misleading title at best. "Once they put everything in place, the hack took just 20 seconds." Like saying, once I built the car, it took 5 seconds for the engine to start when I turned the key. Ah, yeah, lol.
    Reply
  • Boxa786
    I can understand the apple comment, but why the hatred for windows on an apple article? Dman made no reference in comparing apple vs windows, ROFL, apple fan ftl?
    Reply
  • We never had these sort of security issues back in the Windows Me days.
    Reply