updated 07:20 pm EDT, Wed March 24, 2010
Researchers break iPhone's text messaging
TippingPoint's Zero-Day Initiative this evening confirmed that the iPhone's SMS database was compromised at the annual CanSecWest conference's Pwn2Own contest. Zynamics' Vincenzo Iozzo and the University of Luxembourg's Ralf Philipp Weinmann used a malicious website in Safari to deliver a payload that could then upload the SMS logs to a remote site. The entire compromise took place in about 20 seconds, although crafting the hack took about two weeks.
The technique notably didn't require breaking any of the sandboxing of the OS, which prevents unsigned code from running on the handset. It may also have been a rarity in the phone world: according to Zynamics' Thomas Dullien, it may have been the first instance of "return oriented programming" on the ARM chips normally used for phones.
The approach could theoretically be used to get access to other data stored on the phone, such as music and photos.
As with previous contests, the winners get both a cash prize (this year $15,000) and the device they compromised. TippingPoint will have the sole rights to knowledge about the exploit, but a talk discussing the hack is due on Thursday. Apple will be told the details of the exploit in the hope that the flaw will be addressed in a later firmware fix.