The Pwn2Own hacking contest is well under way today and the iPhone has fallen victim to a previously undisclosed Safari flaw.
Security researchers Vincenzo Iozzo and Ralf Philipp Weinmann demonstrated hacking into an iPhone by luring a fully patched iPhone to a specifically crafted website. According to the ZDNet 0-day security blog, the exploit allowed the researchers to steal the entire SMS database, including text messages that had already been deleted.
The researchers built the exploit in just two weeks. They claim the exploit could also reveal the phone contact list, photos and iTunes files. Little details are known about the exploit but the flaw was demonstrated on a fully patched iPhone 3GS running firmware 3.1.3. The pair won a $15,000 cash prize and got to keep the hijacked iPhone. Full details of the exploit will remain undisclosed until the issue is reported to Apple and a patch is released.
At last years Pwn2own, Microsoft flaunted a very speedy response time to a bug, as well as Google's Chrome being the only browser to survive the first day. Four new major flaws were discovered in the three main browsers tested; IE, Firefox and Safari. Following up from Chrome's first day of attack, the browser never suffered any major vulnerabilities. In other news, Charlie Miller - a well known hacker, is expected to demonstrate a new security flaw, today at Pwn2own, on an Apple Macbook Pro running Mac OSX.
Image Credit: Flickr
57 Comments - Add comment