In under 20 seconds, Vincenzo Iozzo and Ralf Philipp Weinmann managed to crank the collective security paranoia felt by iPhone users around the globe up to 11.
Using a previously unknown vulnerability in the smartphone's security features, the pair of hackers were able to bypass iPhone security by luring the handset to browse a website, that forces the phone to hand over its SMS database in under half a minute. The hack was committed as part of the Pwn2Own challenge, held in Vancouver this week. For their efforts, Iozzo and Weinmann were awarded $15,000 and were allowed to keep the exploited handset.
In addition to allowing access to the iPhone's SMS database, the security exploit could also allow for ner'do'wells to snag any photos, the users contact list and email messages and iTunes music file.
The full details of the exploit are being safeguarded by the good people at TippingPoint's Zero Day Initiative - a program that rewards researchers (hackers, ahem,) for the responsible reporting of security exploits found in software. ZDI will be releasing information surrounding the hack to Apple to ensure that the security issues that allowed it can be corrected.
So, landline anyone?
GMan
March 25, 2010 at 4:23pm
I can connect my iPhone to my computer and get photos in less than 5 seconds.
Not much of a test when you give them access to the hardware.
