Experts hack iPhone SMS database in 20 sec

By SiliconIndia   |   Monday, 29 March 2010, 03:01 Hrs   |    2 Comments
Bangalore: Two security researchers have found an exploit to hack the iPhone's SMS database in 20 seconds, while displaying their skills at the Pwn2Own contest at the CanSecWest security show. Ralf Philipp Weinmann of the University of Luxembourg and Vincenzo Iozzo of the German company Zynamics found this iPhone exploit, which won them a $15,000 prize, ZDNet reported.

The iPhone was not the only thing to get hacked. Safari on Snow Leopard and Internet Explorer 8 as well as Firefox browsers on Windows 7 got hacked too, according to TechTree. Weinmann and Iozzo collaborated on finding the vulnerability and then writing an exploit; the entire process took two weeks. For the hack to work, an iPhone user has to visit a website hosting malicious code, which then steals the iPhone's SMS database, all in a matter of 20 seconds! Weinmann explained, "Basically, every page that the user visits on our [rigged] site will grab the SMS database and upload it to a server we control".

Thomas Dullien, Weinmann's colleague, explained that the attacker had the potential to do more damage without leaving the iPhone sandbox, a tightly controlled set of resources for running unverified code. The exploit was written to bypass the digital signatures used to verify whether code in memory is from Apple. Weinmann pointed out that there is a non-root user called 'mobile' with certain user privileges, and that using the exploit he could do anything that 'mobile' can do.

Charlie Miller, principal security analyst at Independent Security Evaluators, found an exploit to hack Safari on a MacBook Pro without physically touching the machine and won $10,000 in prize money.

Reader's comments (2)
1: I learnt the same, how it is done, and now I have protected my mobile phone :D I mean the iPhone 3GS :D You too can learn http://www.infysec.com/events/hackedge/
Posted by: ram - 01 May, 2010
2: Today, with hacking, anything seems to be possible, and this instance shows it.
Posted by: Das - 28 Mar, 2010