iPhone 4S Hacked By Dutch Team at Mobile Pwn2Own

Posted September 19, 2012 at 10:04pm by iClarified

At the latest Pwn2Own competition, Dutch hackers exploited a WebKit bug that allowed them to hijack the iPhone's address book, photos, videos, and browsing history. Joost Pol and Daan Keuper demonstrated their attack at the Pwn2Own event in Amsterdam.

This exploit gave the pair $30,000 in cash, as well as a BlackBerry Playbook since RIM was the sponsor.

In an interview, Joost Pol stated that "We really wanted to see how much time it would take a motivated attacker to do a clean attack against your iPhone. For me, that was the motivation. The easy part was finding the WebKit zero-day."

"It was a basic vulnerability but we had to chain a lot of things together to write the exploit," Pol said, making it clear that the entire exploit only used a single zero-day bug to sidestep Apple's strict code signing requirements and the less restrictive MobileSafari sandbox.

Although the successful attack exposed the entire address book, photo/video database and browsing history, Pol and Keuper said they did not have access to the SMS or e-mail database. "Those are not accessible and they're also encrypted," Keuper explained.

The exploit itself took some jumping around. The WebKit bug was not itself a use-after-free flaw; the researchers used it to trigger a use-after-free scenario and then abused that to cause a memory overwrite. Once that was achieved, Pol and Keuper turned the memory overwrite into a read/write gadget, which gave them a way to read from and write to the iPhone's memory. "Once we got that, we created a new function to run in a loop and used JIT to execute the code without signing," Keuper explained.

Despite obliterating the security in Apple's most prized product, Pol and Keuper insist that the iPhone is the most secure mobile device available on the market. "It just shows how much you should trust valuable data on a mobile device. It took us three weeks, working from scratch, and the iPhone is the most advanced device in terms of security."

The exploit worked on iOS 5.1.1 and even the iOS 6 GM release. Devices like the iPad, iPhone 4, and previous versions of the iPod Touch were all exploitable.

Read More via EvilPenguin

Skizzle - September 20, 2012 at 3:00am
Everyone knows if it's done by a human it can be undone by a human. Any good engineer or software guy. It's all a matter of time and interest. Zero-day exploits get bought out to be never discussed again by the "hackers", meaning RIM holds the key to Apple's current security. They will just use it in effort to make their products better and gain more corporate business again. The average Joe will not be harmed. Coming from a long time iPhone user, watch as RIM makes an Android-like move that will in no way be comparable to Apple products, just like Android itself.
Unnam - September 20, 2012 at 12:47am
Why can they hack the Samsung S3 to fuck with Samsung? If I was a hacker I would be screwing with Samsung all the time.
Captain Obvious - September 20, 2012 at 2:10am
Easy... It's not a challenge for hackers. As you can read in this article, the hackers state that iOS is the most secure mobile operating system, making it the number 1 attraction for them.
Man - September 19, 2012 at 10:54pm
Most worldwide corporations now allow their employees to carry iPhones as a work phone. This means the iPhone is fully compliant with the high level security requirements set in place. Blackberries are no longer needed and nobody wants to use some outdated technology they have. Only a complete idiot would buy a BlackBerry phone nowadays. RIM is going to be out of business sooner than later.
J - September 19, 2012 at 10:41pm
RIM has nothing else to do with their finances these days huh. Lol.
terrance&philip - September 19, 2012 at 10:21pm
These morons need to stop crying out loud every time they find a loophole in iDevices. Apple will keep blocking them and then we would never have any exploits.