iPhone falls at Pwn2Own

iPhone falls at Pwn2Own

Summary: According to Zero Day Initiative, an initiative founded by TippingPoint which organizes the security competition Pwn2Own, the iPhone has been successfully exploited within minutes of the competition starting.

SHARE:

According to Zero Day Initiative, an initiative founded by TippingPoint which organizes the security competition Pwn2Own, the iPhone has been successfully exploited within minutes of the competition starting.

The news was released via Twitter a few moments ago:

Vincenzo Iozzo and Ralf Philipp Weinmann successfully exploit the iPhone via Safari! Their payload pulled the SMS database.

The hack seems to have taken less than 10 minutes to pull off. The iPhone was a 3GS model and was running iPhone OS 3.1.3.

Note: Details on all the exploits used at Pwn2Own will be shared by contest organiser TippingPoint with the relevant vendors, allowing patches to be developed.

In order to compromise the iPhone the contestants exploited a zero day Safari vulnerability with a payload which retrieved the text messages from the device.

Topics: Collaboration, Hardware, iPhone, Mobility, Security, Smartphones

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

5 comments
Log in or register to join the discussion
  • Makes me SOOOO happy I don't own an iPhone

    I knew iPhone would be the easiest to hack.
    NonZealot
    • ignore the post...

      As suggested they knew the vulnerability before coming in here... I mean
      it's not like IE8 survived much longer...
      jgpmolloy
    • I guess you don't know how Pwn2Own works.

      They aren't actually finding and exploiting a vulnerability there.

      They do that way ahead of time, and nobody is told how long it took them/how hard it was for them.

      That the hack (once created) ran faster on the iPhone just means the iPhone is less bloated.
      AzuMao
      • Bloated or not....

        They were able to hack it along with almost everything else. It just goes to show you that code, no matter who from, can be exploited if the desire is there.
        OhTheHumanity
  • RE: iPhone falls at Pwn2Own

    I really enjoyed reading this post !!!have bookmarked <a href="http://mlbshopgiants.com/">w</a><a href="http://best3dtvavailable.com/">e</a><a href="http://lampsplusstorelocator.com/">b</a><a href="http://discountperfumewebsites.com/">s</a> will come back to read more.
    JOYCEwe