Pwn2Own hackers compromise iPhone 4S through WebKit hole

updated 09:02 pm EDT, Wed September 19, 2012

Vulnerability exposes contacts, photos, but not SMS or email

A vulnerability in WebKit, the engine behind Mobile Safari and other iOS browsers, allowed two Dutch professional security researchers to come up with an exploit that compromised an iPhone 4S and won the pair a $30,000 cash prize at the mobile Pwn2Own contest in Amsterdam. While the finished exploit can be deployed in minutes, finding a vulnerability to use in WebKit and developing the technique took about three weeks of dedicated work, Certified Secure CEO Joost Pol told interviewers. The vulnerability is not yet patched in iOS 6, the team says.

After finding the zero-day vulnerability in WebKit, Pol and Daan Keuper put many other techniques on top of the exploit in order to corrupt the memory of the browser and inject new instructions, which told it to surf to a malicious website. The hack bypassed the code signing normally required, which allowed the duo to access photos, videos, contacts and browsing history. Email and SMS were not available, they said, because they were sealed off from the memory corruption and encrypted as well.

The pair pointed out that even with the hack they discovered, iOS is undoubtedly the most secure mobile platform. Since the exploit they found could be used for harm, they decided to purge their machines of the code and erased all traces of it. "If [the attack they developed was seen] in the wild, [hackers] could embed the exploit into an ad on a big advertising network and cause some major damage," Pol said.

Until the problem is resolved, and particularly for users on Android and especially BlackBerry, Pol advised that they "should never be doing ... anything of value on their mobile phone." Though the researchers destroyed their own code, the vulnerability exists in all versions of WebKit, even the latest in iOS 6, which was released today. Because the technique was publicly demonstrated, it's likely that other hackers will soon rediscover the issue and develop their own exploits. Pol provided the vulnerability and proof-of-concept code to the contest organizers, meaning it is possible the exploit could leak into the hacker community before Apple (which will be given a copy) can produce an update.

A Galaxy S III smartphone was also hacked, using a vulnerability in the Near-Field Communication software on the device -- possibly a concern that kept the technology out of the new iPhone 5, along with the lack of maturity of NFC use in North American retail. The hack allowed attackers to take full control of the smartphone, accessing all user data by simply "beaming" an exploit from one SIII to another.

By Electronista Staff

  1. Grendelmon

    Mac Enthusiast

    Joined: 12-26-07

    :: crickets chirping ::

  1. testudo

    Forum Regular

    Joined: 08-06-01

    Originally Posted by Grendelmon

    :: crickets chirping ::

    Yeah, if it was Android you'd be talking about how it shows that to be so insecure.

    And you should also note the part that says "Still unfixed in v6.0". But, OK, you're right. Who cares. Not like anyone goes to a web site and gets their computer infected or anything. That never happens.
