July 21, 2024
iPhone 4S Hacked By Dutch Team at Mobile Pwn2Own

Posted September 19, 2012 at 10:04pm by iClarified
At the latest Pwn2Own competition, Dutch hackers exploited a WebKit bug that allowed them to hijack the iPhone's address book, photos, videos, and browsing history. Joost Pol and Daan Keuper demonstrated their attack at the Pwn2Own event in Amsterdam.

The exploit earned the pair $30,000 in cash, as well as a BlackBerry PlayBook, since RIM was the sponsor.

In an interview, Joost Pol stated that "We really wanted to see how much time it would take a motivated attacker to do a clean attack against your iPhone. For me, that was the motivation. The easy part was finding the WebKit zero-day."

"It was a basic vulnerability but we had to chain a lot of things together to write the exploit," Pol said, making it clear that the entire exploit only used a single zero-day bug to sidestep Apple's strict code signing requirements and the less restrictive MobileSafari sandbox.

Although the successful attack exposed the entire address book, photo/video database and browsing history, Pol and Keuper said they did not have access to the SMS or e-mail database. "Those are not accessible and they're also encrypted," Keuper explained.

The exploit itself took some jumping around. With the WebKit bug, which was not a use-after-free flaw, the researchers had to trigger a use-after-free scenario and then abuse that to trigger a memory overwrite. Once that was achieved, Pol and Keuper used that memory overwrite to create a read/write gadget, which provided a means to read and write to the memory of the iPhone. "Once we got that, we created a new function to run in a loop and used JIT to execute the code without signing," Keuper explained.

Despite obliterating the security in Apple's most prized product, Pol and Keuper insist that the iPhone is the most secure mobile device available on the market. "It just shows how much you should trust valuable data on a mobile device. It took us three weeks, working from scratch, and the iPhone is the most advanced device in terms of security."

The exploit worked on iOS 5.1.1 and even the iOS 6 GM release. Devices like the iPad, iPhone 4, and previous versions of the iPod Touch were all exploitable.

Read More via EvilPenguin

Comments (5)
Unnam - September 20, 2012 at 12:47am
Why can they hack Samsung S3 to fuck with Samsung? If I was a hacker I would be screwing with Samsung all the time.
Captain Obvious - September 20, 2012 at 2:10am
Easy... It's not a challenge for hackers. As you can read in this article, the hackers state that iOS is the most secure mobile operating system making it the number 1 attraction for them.
Man - September 19, 2012 at 10:54pm
Most worldwide corporations now allow their employees to carry iPhones as a work phone. This means the iPhone is fully compliant with the high level security requirements set in place. Blackberries are no longer needed and nobody wants to use some outdated technology they have. Only a complete idiot would buy a BlackBerry phone nowadays. RIM is going to be out of business sooner than later.
Jay - September 19, 2012 at 10:41pm
RIM has nothing else to do with their finances these days huh. Lol.
NoGoodNick - September 19, 2012 at 10:14pm
Yeah, RIM sponsored a contest to compromise their biggest competitor in the hopes people will try BlackBerrys again, since there's little hope they'll sell any more otherwise. But I'd rather they spent their time trying to jailbreak the device, than getting everyone defensive over something that doesn't help anyone. Now Apple is going to make its device that much harder to access.