iPhone SMS Database Hijacked at Pwn2Own Contest


Using a previously unknown exploit, Vincenzo Iozzo and Ralf Philipp Weinmann managed to grab the SMS database from an iPhone lured to a rigged website. The exploit crashed the browser session, but Weinmann said that with some additional effort, he could carry out a successful attack with the browser still running.

Halvar Flake, a renowned security researcher who assisted with the winning exploit, said the exploit doesn’t get out of the iPhone sandbox. “Apple has pretty good counter-measures but they are clearly not enough. The way they implement code-signing is too lenient,” Flake added.

The hack stole the entire SMS database, including deleted messages, and the whole process took only 20 seconds. Weinmann and Iozzo won a $15,000 cash prize and got to keep the hijacked iPhone.

CanSecWest’s Pwn2Own contest also includes $10,000 for someone who can hack the BlackBerry OS. I’m not sure if anyone has claimed the prize yet as the conference is still going on.

  • http://caspan.com Caspan

    I would love to see if someone hacks the BlackBerry OS. Just curious how they would come in etc… That's a cool contest.
