iPhone Hacked Via Mobile Safari Exploit At Pwn2Own; Hijacks SMS Database

Pwn2Own contest to exploit smartphone vulnerabilities

We’re getting reports that iPhone was the first to fall at this year’s Pwn2Own contest organized by TippingPoint ZDI.

A pair of European researchers, Vincenzo Iozzo and Ralf Philipp Weinmann have successfully hacked the iPhone via a Mobile Safari exploit and hijack the entire SMS database, including text messages that had already been deleted.

The organizers of the event announced this breaking news via a tweet:

Vincenzo Iozzo and Ralf Philipp Weinmann successfully exploit the iPhone via Safari! Their payload pulled the SMS database.

Though they hacked an iPhone 3GS running iPhone OS 3.1.3, it affects security of all iPhones.

Folks at Threadpost have provided some more details from the event:

The exploit crashed the iPhone's browser session but Weinmann said that, with some additional effort, he could have a successful attack with the browser running.

Weinmann explained:

"Basically, every page that the user visits on our [rigged] site will grab the SMS database and upload it to a server we control."

Vincenzo Iozzo (32) and Ralf Philipp Weinmann (22) found the vulnerability and also to wrote the exploit. They also got assistance from Halvar Flake, a renowned security researcher.

According to Flake:

“The biggest hiccup was bypassing the code-signing mitigation implemented by Apple on its flagship mobile device.

This exploit doesn't get out of the iPhone sandbox but noting that an attacker can do enough damage without escaping from the sandbox

Apple has pretty good counter-measures but they are clearly not enough.  They way they implement code-signing is too lenient.”

In addition to hijacking the SMS database, Weinmann believes that the exploit could have also hijacked the phone contact list, photographs and iTunes music files though he wasn’t sure if it would be able to hijack emails.

Weinmann and Iozzo won a cash prize of $15,000 and also get to keep the hacked iPhone.

It will be interesting to see when Apple releases an update to close the exploit as it sounds quite scary that a rigged site could get access to your personal data on the iPhone.

Let us know your thoughts in the comments.

[via Threadpost]