Pwn2Own hackers compromise iPhone 4S through WebKit hole

updated 09:02 pm EDT, Wed September 19, 2012

Vulnerability exposes contacts, photos, but not SMS or email

A vulnerability in WebKit, the engine behind Mobile Safari and other iOS browsers, allowed two Dutch professional security researchers to come up with an exploit that compromised an iPhone 4S and won the pair a $30,000 cash prize at the mobile Pwn2Own contest in Amsterdam. While the finished exploit can be deployed in minutes, finding a vulnerability to use in WebKit and developing the technique took about three weeks of dedicated work, Certified Secure CEO Joost Pol told interviewers. The vulnerability is not yet patched in iOS 6, the team says.

After finding the zero-day vulnerability in WebKit, Pol and Daan Keuper put many other techniques on top of the exploit in order to corrupt the memory of the browser and inject new instructions, which told it to surf to a malicious website. The hack bypassed the code signing normally required, which allowed the duo to access photos, videos, contacts and browsing history. Email and SMS were not available, they said, because they were sealed off from the memory corruption and encrypted as well.

The pair pointed out that even with the hack they discovered, iOS is undoubtedly the most secure mobile platform. Since the exploit they found could be used for harm, they decided to purge their machines of the code and erased all traces of it. "If [the attack they developed was seen] in the wild, [hackers] could embed the exploit into an ad on a big advertising network and cause some major damage," Pol said.

Until the problem is resolved, and particularly for users on Android and especially Blackberry, Pol advised that they "should never be doing ... anything of value on their mobile phone." Though the researchers destroyed their own code, the vulnerability exists in all versions of WebKit, even the latest in iOS 6, which was released today. Because the technique was publicly demonstrated, it's likely that other hackers will soon rediscover the issue and develop their own exploits. Pol provided the vulnerability and proof-of-concept code to the contest organizers, meaning it is possible the exploit could leak into the hacker community before Apple (which will be given a copy) can produce an update.

A Galaxy S III smartphone was also hacked, using a vulnerability in the Near-Field Communication software on the device -- possibly a concern that kept the technology out of the new iPhone 5, along with the lack of maturity of NFC use in North American retail. The hack allowed attackers to take full control of the smartphone, accessing all user data by simply "beaming" an exploit from one SIII to another.

by MacNN Staff



  1. Grendelmon

    Senior User

    Joined: 12-26-07

    :: crickets chirping ::

  1. testudo

    Forum Regular

    Joined: 08-06-01

    Originally Posted by Grendelmon

    :: crickets chirping ::

    Yeah, if it was Android you'd be talking about how it shows that to be so insecure.

    And you should also note the part that says "Still unfixed in v6.0". But, OK, you're right. Who cares. Not like anyone goes to a web site and gets their computer infected or anything. That never happens.
