Pwn2Own hackers compromise iPhone 4S through WebKit hole
MacNN Staff
Join Date: Jul 2012
Sep 19, 2012, 05:24 PM
A vulnerability in WebKit, the engine behind Mobile Safari and other iOS browsers, allowed two Dutch professional security researchers to come up with an exploit that compromised an iPhone 4S and won the pair a $30,000 cash prize at the mobile Pwn2Own contest in Amsterdam. While the finished exploit can be deployed in minutes, finding a vulnerability to use in WebKit and developing the technique took about three weeks of dedicated work, Certified Secure CEO Joost Pol told interviewers. The vulnerability is not yet patched in iOS 6, the team says.

After finding the zero-day vulnerability in WebKit, Pol and Daan Keuper put many other techniques on top of the exploit in order to corrupt the memory of the browser and inject new instructions, which told it to surf to a malicious website. The hack bypassed the code signing normally required, which allowed the duo to access photos, videos, contacts and browsing history. Email and SMS were not available, they said, because they were sealed off from the memory corruption and encrypted as well.

The pair pointed out that even with the hack they discovered, iOS is undoubtedly the most secure mobile platform. Since the exploit they found could be used for harm, they decided to purge their machines of the code and erased all traces of it. "If [the attack they developed was seen] in the wild, [hackers] could embed the exploit into an ad on a big advertising network and cause some major damage," Pol said. Until the problem is resolved, and particularly for users on Android and especially BlackBerry, Pol advised that they "should never be doing ... anything of value on their mobile phone."

Though the researchers destroyed their own code, the vulnerability exists in all versions of WebKit, even the latest in iOS 6, which was released today. Because the technique was publicly demonstrated, it's likely that other hackers will soon rediscover the issue and develop their own exploits. Pol provided the vulnerability and proof-of-concept code to the contest organizers, meaning it is possible the exploit could leak into the hacker community before Apple (which will be given a copy) can produce an update.

A Galaxy S III smartphone was also hacked, using a vulnerability in the Near-Field Communication software on the device -- possibly a concern that kept the technology out of the new iPhone 5, along with the lack of maturity of NFC use in North American retail. The hack allowed attackers to take full control of the smartphone, accessing all user data by simply "beaming" an exploit from one SIII to another.
Senior User
Join Date: Dec 2007
Location: Too F'ing Cold, USA
Sep 20, 2012, 05:24 AM
:: crickets chirping ::
Forum Regular
Join Date: Aug 2001
Sep 20, 2012, 11:35 AM
Originally Posted by Grendelmon:
:: crickets chirping ::
Yeah, if it was Android you'd be talking about how it shows that to be so insecure.

And you should also note the part that says "Still unfixed in v6.0". But, OK, you're right. Who cares. Not like anyone goes to a web site and gets their computer infected or anything. That never happens.