Charlie Miller successfully hacked an Apple product at the Pwn2Own 2011 hacking contest in Vancouver. This year he hacked an iPhone 4 via Safari, gaining access to the Address Book. This genius won the contest for the 4th consecutive time.
The attack simply required that the target iPhone surf to a rigged web site. On the first attempt at the drive-by exploit, the iPhone browser crashed, but once it was relaunched, Miller was able to hijack the entire address book. Miller partnered with colleague Dion Blazakis to exploit the Apple device, using a MobileSafari flaw to swipe the iPhone 4's address book.
After winning, Dion tweeted:
@0xcharlie @dancaselden and I won the iPhone PWN2OWN. What a pain in the ass — glad it wasn’t iOS 4.3 (vuln still there, tho) 🙂
Miller performed the hack on an iPhone running iOS 4.2.1, and the exploit will not work if you have upgraded to the current iOS 4.3.
Miller explained why the newest version of iOS is better protected:
If you update your iPhone today, the [MobileSafari] vulnerability is still there, but the exploit won’t work. I’d have to bypass DEP and ASLR for this exploit to work.
Miller and his partner Dion Blazakis took home $15,000 in cash and the hijacked iPhone 4.