iPhone Hacked Fast at Pwn2Own Hacking Contest 2010


During the Pwn2Own hacking contest this week at CanSecWest 2010, it took a mere 20 seconds to get an iPhone hacked. Apple's Safari browser and Internet Explorer 8 were also successfully hacked. DV Labs sponsors the annual hacking contest. A contestant who successfully exploits a target walks away with a ZDI cash prize and related benefits. The event was spread over three days and offered targets on multiple platforms.

In this 2010 contest, Ralf Philipp Weinmann and Vincenzo Iozzo exhibited an astonishing exploit on the iPhone that allowed them to send the content of a targeted iPhone to a website they had already set up. They managed to copy the entire SMS database of the targeted iPhone, including deleted text messages, to the server. And did I mention it was done in 20 seconds!

In fact, Weinmann said he had been set to compete in last year's Pwn2Own contest but had to abandon his plans at the last minute when he discovered his attack only worked on jail-broken phones, which have been hacked to run unapproved applications. Jail-breaking circumvents the iPhone's memory protections, but the Pwn2Own rules force contestants to use unmodified phones.

The Pwn2Own contest pays contestants for their exploit code, which leverages software flaws to give the attacker a foothold on the machine being attacked. But because of the iPhone's sandbox architecture, Weinmann and Iozzo actually spent much more time working on their payload software.

To make their attack work, they used a technique called "return-oriented programming," in which they essentially cobble together instructions from different parts of the iPhone's memory. But even with this technique, the iPhone's sandbox restricted what they could do once they had hacked into the machine.

Both hackers were assisted by Halvar Flake, who claims Apple does have some protection in place against running malicious code on the iPhone, but it doesn't cut it: "The way they implement code-signing is too lenient." Weinmann and Iozzo won a $15k cash prize and also the hijacked iPhone. For insight into how the hack works, you can read it here.




Comments
  1. Tacotaco says on March 29, 2010 at 11:05 pm

    Yeah Chrome is better!
