Compare 56 Mobile Plans & 7 Phones to find the best deal!

iPhone hacked in under 20 seconds

Two European researchers have hacked into a fully patched iPhone in under 20 seconds at this weeks’ international “Pwn2Own” hacking contest in Vancouver, Canada.
26/03/2010

Two European researchers have hacked into a fully patched iPhone in under 20 seconds at this weeks’ international “Pwn2Own” hacking contest in Vancouver, Canada.

Exploiting a vulnerability of the iPhone operating system that was previously unknown, the duo were able to direct the iPhone to a rigged website and hijack the entire SMS database-even the messages that had already been deleted.

Ralf-Phillip Weinmann, a 32 year old from the University of Luxembourg, and Vincenzo Iozzo, a 22 year old Italian researcher who works for the German company Zynamics, worked together on the entire process. They discovered the chink in the iPhone armour, and developed the hack - or exploit - in around two weeks.

“Basically, every page that the user visits on our [rigged] site will grab the SMS database and upload it to a server we control,” Weinmann explained.

While Weinmann was able to soak up the glory of being part of the first team to hijack an iPhone at this years’ Pwn2Own challenge, Iozzo had flight delays and missed their crowning moment.

The two said the hack could be easily changed to allow access to more data, including contacts and photos. While in the competition the exploit crashed the iPhone internet browser session, Weinmann said that they could also change the program to conduct a successful attack without closing the browser. This means that the transfer could take place without the user even knowing they had been hacked.

The challenge was sponsored by TippingPoint as a part of their Zero Day Initiative (ZDI), a program aimed at getting hackers to identify vulnerabilities in software before it is too late. 

Aaron Portnoy, a security researcher at TippingPoint Zero Day Initiative said Weinmann and Iozzo’s attack was “very impressive.”

“It was a real world exploit against a popular device. They exfiltrated the entire SMS database in about 20 seconds. It was as if a Web page was loading.”

TippingPoint ZDI now acquires the exclusive rights to the flaw information found by the European duo.  The company will report the weakness to Apple and withhold all the details until a patch is released.

Weinmann and Iozzo won $15,000 and got the keep the iPhone they hijacked.

Comments

Plans with this phone
 
Need help finding a plan?
No Plans With This Phone
Need help finding the best plan for you?
Call 1300 041 278  or fill in the form below & we will get back to you:
 

Need help finding a plan?

Call 1300 041 278

or fill in the form below & we will get back to you:
 
amaysim unlimited
 
 
 

Popular Phones