Apple iPhone exploited at Pwn2Own, SMS Database stolen
At the Pwn2Own 2010 event, where hackers show off their skill, an up-to-date and patched Apple iPhone has been hacked in around 20 seconds. The hack enables the malicious user to obtain the full SMS database of the iPhone, taking all sent, read and even deleted messages. More worryingly, the exploit could be extended to steal the phone contact list, the email database, photographs and iTunes music files as well.
The feat was done by Weinmann, a 32-year-old from the University of Luxembourg, and Iozzo, a 22-year-old Italian researcher from Zynamics. The whole process of finding and writing the exploit was done in about two weeks.
“Basically, every page that the user visits on our (rigged) site will grab the SMS database and upload it to a server we control,” Weinmann explained.
Apple has created “sandboxes”, which are areas that code can run within but not beyond, for security purposes, giving the code limited access to key areas. In this sandbox, Weinmann explained, there is a non-root user called ‘mobile’ with certain user privileges. “With this exploit, I can do anything that ‘mobile’ can do.”
While this exploit is highly malicious, the full details of how to do it were not publicly disclosed, as Pwn2Own is an event sponsored by TippingPoint ZDI, which rewards the winning hacks and exploits with money and prizes in exchange for the information exclusively. TippingPoint will be passing this information on to Apple in the hope that they will patch it to prevent further exploits in the future.
As for the prize for Weinmann and Iozzo? A cool $15,000, the iPhone in question and plenty of media coverage.