iPhone 4S hacked using Safari exploit in Pwn2Own contest

By , Sep 19, 2012

Users of Apple’s iPhone and other iOS devices enjoy a fairly high level of security. In the past five years, the platform has only seen a handful of malware scares, and MIT says it recently crossed a “significant” threshold in security.

But all of that security couldn’t stop the iPhone 4S from getting hacked today at the Pwn2Own contest in Amsterdam. A group of Dutch security researchers gained remote access to the handset in seconds with a Safari exploit…

It took the team about three weeks to build the hack, from scratch. It uses a zero-day WebKit exploit, along with other scripts, to gain access to an iOS device without the owner’s permission or knowledge. That’s right, it’s stealth.

ZDNet reports:

“During the Pwn2Own attack, Pol created a web site that included an amusing animation of the Certified Secure logo taking a bite of the Apple logo. The drive-by download attack did not crash the browser so the user was oblivious to the data being uploaded to the attacker’s remote server. “If this is an attack in the wild, they could embed the exploit into an ad on a big advertising network and cause some major damage.”

The hack enabled the team to gain access to the address book, photo/video folder, and browsing history on the iPhone 4S. And even worse, the team says that the vulnerability hasn’t been fixed in iOS 6, so the iPhone 5 is also susceptible.

The group of researchers earned $30,000 for their exploit, which they immediately destroyed after the contest ended. They say it would be extremely dangerous if it fell into the wrong hands, and they’ve passed the data on to Apple.

Interestingly enough, last year’s iPhone Pwn2Own winner, Charlie Miller, was recently hired by Twitter to help beef up security.

  • Share:
  • Follow:
  • http://twitter.com/TrillxWave_ Pretty Flacko

    It’s crazy how good these guys are. respect

  • http://twitter.com/oneBurge Burge

    Could be new employees at Apple soon..

  • http://twitter.com/vasili_halai Vasili Halai

    Evening of great news:) Hope to see JB for iPhone 4S soon)

  • voltik

    Interesting…could this be used to jailbreak all the iPhones with safari?

  • http://www.facebook.com/jason.dennery Jason Dennery

    $30k, that’s it?

    Would have been much more profitable to sell the script to ad firms.

  • Gorgonphone

    yeah old news,… what i wana know is have they jailbroken the iphone 5 untethered year..????

    • Stephen Lynch

      They iPhone 5 hasn’t even been released yet, give them a break. It really bugs the hell out of me when I see people begging for jailbreaks. Give it some time, it will happen sooner or later.

  • http://twitter.com/ahood81 Adam Hood

    They destroyed the $30,000, why?

    • Stephen Lynch

      They destroyed their exploit not the $30k lol

    • Kurt

      13 people don’t have a sense of humor 0.o

    • http://twitter.com/ahood81 Adam Hood

      Wow it was a joke haha

  • cruzcontrol1001

    I hope that a jailbreak via safari can be built on this exploit such as jailbreak me. It would be nice to have the iPhone 5 jailbroke.

    • Stephen Lynch

      Not very likely considering they notified Apple of the vulnerability soon after they won the contest.

      • http://www.facebook.com/Lloydishness Lloyd Stephens

        Well not really cos heaps of iPhone 5′s have been shipped with iOS6 which is still susceptible to this exploit

      • Stephen Lynch

        If it’s in the iOS, apple will probably fix it in their next update.

    • http://twitter.com/tech4789 Brian Mitchell

      This doesn’t sound like it gains access to the root partition, just the media one that iTunes uses. So, it wouldn’t be useful for jailbreaking. :(

  • http://twitter.com/2morebatteries AAAA

    “…. and they’ve passed the data on to Apple.”

    Damn it’s nice to be Apple!

    Getting billions for trivial patents, adding old features to the iPhone 5 yet still selling out, AND people helping them find exploits for free.

    • Bieberkinz

      Well, if they said if this exploit was in the hands of a bad person, things can go wrong. I rather have a trusted jail breaker find an exploit and make a jailbreak than a no good hacker using someone else’s good work for bad.

  • dracoslife

    No telling if it’s root or not,but I think this is just a media based one and means they’ll be no jb from it and besides >.>,y’all are really being greedy….

  • seyss

    why they didnt use this to help the iOS6 jailbreak

  • http://www.facebook.com/LethoeshatedadedicatedfatherGreen Keith Green

    That is super awesome! Those r the guys u don’t want to cross! Lol.

  • Kurt

    “The group of researchers earned $30,000 for their exploit, which they immediately destroyed after the contest ended.”

    Damn, they destroyed $30,000 bucks. ouch

  • http://www.facebook.com/people/Jude-Palermo/100002164977772 Jude Palermo

    I jailBroken my 4s on iOS 6. Just today finally. This was VERY difficult and has to be sent to the DEV team for confirmation. Well, Jk. I AM SO SAD. I LOST MY iphone4s and ipad 3 JAILBREAK DUE TO A iPhone 3GS issue. Wtf. I was the most fucjahgsug up day in my life. I’m heart broken and my phone ZNEVER BEEN the same since.