Experts hack iPhone SMS database in 20 sec
iPhone was not the only thing to get hacked. Safari on Snow Leopard and Internet Explorer 8 as well as Firefox browsers on Windows 7 got hacked too, according to TechTree. Weinmann and Iozzo collaborated to finding vulnerability and then writing an exploit - the entire process took two weeks. As a part of the hack, iPhone users have to visit a website hosting malicious code and then steal iPhone's SMS database - all in the matter of 20 seconds! Weinmann explained, "Basically, every page that the user visits on our [rigged] site will grab the SMS database and upload it to a server we control".
Thomas Dullien, Weimann's colleague explained that the attacker had potential to do more damage without leaving the iPhone Sandbox, a tightly-controlled set of resources for running unverified codes. The exploit was written to bypass the digital signatures for verifying if the code in memory is from Apple or not. Weinmann pointed out that there's a non-root user called 'mobile' with certain user privileges and using that exploit, he could can do anything that 'mobile' (non-root user) can do.
Charlie Miller, principal security analyst at Independent Security Evaluators, found an exploit to hack Safari on a MacBook Pro without physically touching the machine and won $10,000 worth prize money.
Post your Comment
All form fields are required.