website statistics
1 Star2 Stars3 Stars4 Stars5 Stars (Rated: 5.00/5)
Loading...

So another shocker from the Pwn2Own 2010 hacking contest that’s on going at the moment: hackers Vincenzo Iozzo and Ralf Philipp Weinmann were able to come up with a trick that allowed them to break into fully-patched iPhones’ SMS databases, even the messages that were deleted, simply by tricking the owner to visit a “rigged” web site.

Aside from hijacking entire SMS databases in about 20 seconds, the exploit could potentially also be used to “exfiltrated the phone contact list, photographs and iTunes music files.” All that by simply having a user visit a specific website and without ever needing to leave the iPhone sandbox. Sounds really scary, doesn’t it?

The exploit, however, crashed the iPhone’s browser session but Weinmann said that, with some additional effort, he could have a successful attack with the browser running.
“Basically, every page that the user visits on our [rigged] site will grab the SMS database and upload it to a server we control,” Weinmann explained. Iozzo, who had flight problems, was not on hand to enjoy the glory of being the first to hijack an iPhone at the Pwn2Own challenge.

Weinmann, a 32-year-old from the University of Luxembourg, collaborated with Iozzo (a 22-year-old Italian researcher from Zynamics) on the entire process — from finding the vulnerability to writing the exploit. The entire process took about two weeks, Weinmann said.
Halvar Flake, a renowned security researcher who assisted with the winning exploit, said the biggest hiccup was bypassing the code-signing mitigation implemented by Apple on its flagship mobile device.
“This exploit doesn’t get out of the iPhone sandbox,” Flake explained, noting that an attacker can do enough damage without escaping from the sandbox.
“Apple has pretty good counter-measures but they are clearly not enough. The way they implement code-signing is too lenient,” Flake added.

On the Zynamics blog, Flake celebrated:
The payload used chained return-into-libc (“return oriented programming”) on ARM to execute in spite of code signing. As far as we know, this is the first public demonstration of chainged return-into-libc on thre ARM platform.
In addition to hijacking the SMS database, Weinmann said the winning Pwn2Own exploit could have exfiltrated the phone contact list, the email database, photographs and iTunes music files.
In the iPhone sandbox, Weinmann said there’s a non-root user called ‘mobile’ with certain user privileges. “With this exploit, I can do anything that ‘mobile’ can do.”
Weinmann declined to publicly discuss the techniques he used to find the vulnerability. “We’re working on developing techniques to find a certain class of vulnerabilities. I don’t want to discuss it too much.”
Aaron Portnoy, a security researcher at TippingPoint Zero Day Initiative (the company sponsoring Pwn2Own), described the attack as “very impressive.”
“It was a real world exploit against a popular device. They exfiltrated the entire SMS database in about 20 seconds. It was as if a Web page was loading.”
TippingPoint ZDI acquired the exclusive rights to the flaw information. The company will report the issue to Apple and will withhold details until a patch is released.

Weinmann and Iozzo won a $15,000 cash prize and got to keep the hijacked iPhone.


Is Facebook Responsible For Spreading STDs?

Facebook Hires Google Advertising
You can also press the left/right arrow key on your keyboard to go to previous/next post
  On March 25, 2010(6 years, 1 month ago.)

You May Also Like:

What Do You Think?

5 Responses

  1. Anonymous Says:

    […] The company will report the issue to Apple and will withhold details until a patch is released. Source __________________ […]

    Posted on March 25th, 2010 at 7:28 PM

  2. Traduire RSS Says:

    […] (172)  Les pirates peuvent s'introduire dans la base de données SMS de votre iPhone en 20 secondes […]

    Posted on March 30th, 2010 at 3:19 PM

  3. liljay2011 Says:

    my bluetooth is off, hidden as we may say, and im texting a chick on an android, and all of a sudden my computer starts glitching and i look down at my phone and my bluetooth is on, with my blue button lit up? could anyone please explain this?

    Posted on February 15th, 2011 at 3:51 PM

  4. Penguin_lauren Says:

    So what do you do if this happens? I had it happen to me but when I went to the “website” I only let it load for one whole second and turn my phone off immediately. Now when I go to my Internet, the home page is always blank. As with a new page, it is also blank. I erased and restored my phone but it didn’t help. And yes JavaScript is turned on.

    Posted on April 11th, 2011 at 6:46 PM

  5. Sxynblond2 Says:

    i think i went to one of these sites arhuggvv how do i fix it?

    Posted on January 21st, 2012 at 12:52 PM

Leave a Reply




Loading Facebook Comments ...

FTC Disclosure: Some of the links of this website are "affiliate links." This means if you click on the link and purchase the item, we will receive an affiliate commission.


Recent Search

Recent Tutorials

Now you can set custom ringtones to individual skype contacts on android. It's easy to setup. Take a look.
Now you can install Microsoft's Cortana on Android devices. It's pretty easy to install. Follow the steps below, check the screenshot.
Want to install Android lollipop 5.0.2 on pc? This post is for you. It's pretty easy to install and run. Just take a look.
With our partnership with Mode Media, we just got a jump start. Here is our first story of hand picked curated content on Android Tutorials.
Want to change theme on android ? We will show you how to change theme on android. It will makes your phone looks like new and smart.
You can record your screen on android very easily. No root Required. All you have to need a pc and USB cable. Let's find out.
A simple tutorial on how-to block a phone number on Android device, without an external app. Its pretty easy and straight-forward. Take a look.
Here we will show how to take Screenshot on your Apple Watch.
For too many people, the realization that they need to back up their photos and videos only comes when they misplace or break their smartphones and lose everything. Here we a report on possible solution and best tools.
Not sure if you are aware that your Wi-Fi Router Or Modem could be hacked too. Here we found a quick tips, how to check if your Router or Modem is hacked.
Close You Have To Login
User:
Pass:
Login With »Login With TwitterLogin With Facebook