Printed from http://www.electronista.com

Pwn2Own hackers compromise iPhone 4S through WebKit hole

updated 09:02 pm EDT, Wed September 19, 2012

Vulnerability exposes contacts, photos, but not SMS or email

A vulnerability in WebKit, the engine behind Mobile Safari and other iOS browsers, allowed two Dutch professional security researchers to come up with an exploit that compromised an iPhone 4S and won the pair a $30,000 cash prize at the mobile Pwn2Own contest in Amsterdam. While the finished exploit can be deployed in minutes, finding a vulnerability to use in WebKit and developing the technique took about three weeks of dedicated work, Certified Secure CEO Joost Pol told interviewers. The vulnerability is not yet patched in iOS 6, the team says.

After finding the zero-day vulnerability in WebKit, Pol and Daan Keuper put many other techniques on top of the exploit in order to corrupt the memory of the browser and inject new instructions, which told it to surf to a malicious website. The hack bypassed the code signing normally required, which allowed the duo to access photos, videos, contacts and browsing history. Email and SMS were not available, they said, because they were sealed off from the memory corruption and encrypted as well.

The pair pointed out that even with the hack they discovered, iOS is undoubtedly the most secure mobile platform. Since the exploit they found could be used for harm, they decided to purge their machines of the code and erased all traces of it. "If [the attack they developed was seen] in the wild, [hackers] could embed the exploit into an ad on a big advertising network and cause some major damage," Pol said.

Until the problem is resolved, and particularly for users on Android and especially Blackberry, Pol advised that they "should never be doing ... anything of value on their mobile phone." Though the researchers destroyed their own code, the vulnerability exists in all versions of WebKit, even the latest in iOS 6, which was released today. Because the technique was publicly demonstrated, it's likely that other hackers will soon rediscover the issue and develop their own exploits. Pol provided the vulnerability and proof-of-concept code to the contest organizers, meaning it is possible the exploit could leak into the hacker community before Apple (which will be given a copy) can produce an update.

A Galaxy S III smartphone was also hacked, using a vulnerability in the Near-Field Communication software on the device -- possibly a concern that kept the technology out of the new iPhone 5, along with the lack of maturity of NFC use in North American retail. The hack allowed attackers to take full control of the smartphone, accessing all user data by simply "beaming" an exploit from one SIII to another.



By Electronista Staff

Comments

  1. Grendelmon

    Dedicated MacNNer

    Joined: 12-26-07

    :: crickets chirping ::

  1. testudo

    Forum Regular

    Joined: 08-06-01

    Originally Posted by Grendelmon

    :: crickets chirping ::



    Yeah, if it was Android you'd be talking about how it shows that to be so insecure.

    And you should also note the part that says "Still unfixed in v6.0". But, OK, you're right. Who cares. Not like anyone goes to a web site and gets their computer infected or anything. That never happens.
