Experts hack iPhone SMS database in 20 sec

By SiliconIndia   |   Monday, 29 March 2010, 03:01 Hrs
Bangalore: Two security researchers demonstrated an exploit that steals the iPhone's SMS database in 20 seconds at the Pwn2Own contest at the CanSecWest security show. Ralf Philipp Weinmann of the University of Luxembourg and Vincenzo Iozzo of German company Zynamics developed the iPhone exploit, which won them a $15,000 prize, reported ZDNet.

The iPhone was not the only thing to get hacked. Safari on Snow Leopard, as well as Internet Explorer 8 and Firefox on Windows 7, got hacked too, according to TechTree. Weinmann and Iozzo collaborated on finding the vulnerability and then writing an exploit; the entire process took two weeks. For the hack to work, an iPhone user has to visit a website hosting malicious code, which then steals the iPhone's SMS database, all in a matter of 20 seconds! Weinmann explained, "Basically, every page that the user visits on our [rigged] site will grab the SMS database and upload it to a server we control".

Thomas Dullien, Weinmann's colleague, explained that an attacker had the potential to do more damage without leaving the iPhone sandbox, a tightly controlled set of resources for running unverified code. The exploit was written to bypass the digital signature checks that verify whether the code in memory is from Apple. Weinmann pointed out that there is a non-root user called 'mobile' with certain user privileges and that, using the exploit, he could do anything that 'mobile' can do.

Charlie Miller, principal security analyst at Independent Security Evaluators, found an exploit to hack Safari on a MacBook Pro without physically touching the machine and won $10,000 in prize money.
