iPhone Pwned at Pwn2Own


Looks like our iPhone didn't put up much of a fight at the latest Pwn2Own contest in Vancouver, falling on the first day to hacking duo Ralf Philipp Weinmann of the University of Luxembourg and Vincenzo Iozzo of Zynamics, according to CNET.

The team wins $15,000 for the exploit, which took them about 2 weeks to write. It involved getting a user to go to a malicious website whose payload downloads and executes, stealing the contents of the iPhone's SMS database (though they said the same attack could be used to get contacts, photos, or any other data).

The exploit was written to bypass the digital code signatures used on the iPhone to verify that the code in memory is from Apple. It then looked for chunks in Apple's code that could be pieced together to accomplish the attack, according to Weinmann.

Bypassing Apple's security was a "major issue" and used a process known since 1997 but not exploited on an ARM-based device like the iPhone until now.

The details of how the exploit was done are being kept confidential but will be shared with Apple.

Hacking the iPhone is nothing new, of course, as getting around Apple's security is how Jailbreak is achieved (and original iPhone 2G owners may remember that one of the earliest Jailbreak techniques involved simply going to a website with Mobile Safari). Apple has been beefing up their security team, so while it's not good news for Jailbreakers, future iPhone hardware and software should be harder targets.

Oh, and yes, Charlie Miller won $10,000 for exploiting Mac Safari. Again.


Rene Ritchie


Reader comments

TippingPoint ZDI gets the exploit, and will assist Apple in patching it. This is a good thing for everyone.
Firefox also fell, so did IE. Chrome wasn't tested and Google just patched some Chrome holes a few days ago.

Worst part about it was the successful theft and download of the entire SMS database, even DELETED SMS messages.
So not only does Apple have a hole that they may or may not patch (Apple's history on security exploits is weak), but they also have a major flaw of leaving deleted messages in the iPhone memory.
This latter is potentially a bigger flaw than the fact that the phone could be pwned, because it also suggests you have no means of protecting yourself. Deletion does not work.
Since they tend to use sqlite databases for most things, this also suggests that contacts, Calendars, notes, and most other data is also at risk.
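
The point raised in the comment above, that text deleted from a SQLite database can remain in the file, can be checked on any SQLite database. This Python sketch is an added example, not part of the original post or comments, and it says nothing about how the contest exploit itself worked; the file name, table name and message text are constructed. It shows that a deleted row's text stays in the file when `secure_delete` is off and is overwritten when `PRAGMA secure_delete = ON` is set.

```python
import os
import sqlite3
import tempfile

# Constructed sample message; not real data.
MARKER = b"constructed-sms-body-7f3a: meet at the usual place"


def deleted_text_survives(secure_delete: bool) -> bool:
    """Insert rows, delete one, and report whether its text is still in the file."""
    path = os.path.join(tempfile.mkdtemp(), "sms_demo.db")  # hypothetical file name
    con = sqlite3.connect(path)
    # Set the pragma explicitly: the compile-time default differs between builds.
    con.execute(f"PRAGMA secure_delete = {'ON' if secure_delete else 'OFF'}")
    con.execute("CREATE TABLE message (id INTEGER PRIMARY KEY, body TEXT)")
    con.executemany(
        "INSERT INTO message (body) VALUES (?)",
        [("keep 1",), (MARKER.decode(),), ("keep 2",)],
    )
    con.commit()

    # Delete only the marked row; the other rows keep the page in use.
    con.execute("DELETE FROM message WHERE body = ?", (MARKER.decode(),))
    con.commit()
    remaining = con.execute("SELECT count(*) FROM message").fetchone()[0]
    con.close()
    assert remaining == 2  # the row is gone as far as SQL queries can tell

    # Scan the raw database file for the deleted text.
    with open(path, "rb") as fh:
        return MARKER in fh.read()


if __name__ == "__main__":
    print("secure_delete OFF, deleted text still in file:", deleted_text_survives(False))
    print("secure_delete ON,  deleted text still in file:", deleted_text_survives(True))
```

With `secure_delete` off, SQLite only marks the row's space as free, so the bytes stay in the page until later inserts reuse it or the database is rebuilt with `VACUUM`.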

Everything is at risk, but once again this is another exploit that we will never see in the real world. It already would require the user to go to a particular site from their iPhone, so even if left unpatched, it would never become a problem for Apple nor the end user.

Until the method leaks out. Seriously, how long will that take?
Once it's common knowledge among hackers, such sites will spring up everywhere.

Some of these exploits have been floating around for years on the desktop side, and haven't leaked out. This one won't either. Do you see the money that's involved? These aren't script kiddies hacking for lulz, they take this seriously, and of all the exploits found at prior Pwn2Owns, very (VERY) few have been publicly disclosed and/or leaked...

So why is it every year that the first system hacked is Apple? Yet they tout the world's safest computer.
As far as this not being a problem, it very much is. Just because these are professionals, it doesn't mean that there are not "kiddies" out there as smart that will find this out, add this link in an app that could be approved by Apple, then have many iPhones exploited. If Apple couldn't find this exploit the first time, and their system is constantly the first to go down, they have some work to do.

OMG I thought anything Mac was bulletproof. For some reason this kool-aid is leaving a bad taste in my mouth.
Off topic.....why in the h3ll am I staring at a Droid advert as I write this? Kinda hypocritical being an iPhone fanboy site n all.

Mac is not bulletproof. True. But through my 3 years' experience with OS X, I have never been attacked with any so-called bullets (not that I am aware of)...

Because, Davey, the probability of anyone seeing these exploits in the real world is slim to nil. Apple as well as every other OS out there have tons of exploits, but the difference is that we see them in the real world on Windows way more often. No one wants to target the minority user base (Apple), which is why Windows has such a bad rep.

These are new hacks, all the old ones went viral almost immediately after they were discovered and demonstrated.
Burying your head in the sand and singing LA LA LA real loud is not going to protect you. To say these hacks won't see the light of day when ALL THE OLD ONES DID is just silly and counterproductive. Stop defending Apple's spotty security record. It's time to cage your fanboy and wise up to the reality.

Any software can be exploited. Look at how many Windows updates are for security. Firmware is no different. Why do you think there is such a long app store approval process?