PWN2OWN: iPhone 3Gs Hacked Minutes After The Event Started

Security researchers Vincenzo Iozzo from Zynamics GmbH and Ralf-Philipp Weinmann from the University of Luxembourg today won the “iPhone” section of the renowned PWN2OWN contest in Vancouver, Canada. The demonstrated attack code steals the SMS database from the phone, although other attack payloads are easily possible.

MuscleNerd congratulates the two researchers and says that their work potentially re-opens userland jailbreaks that haven’t been around since the 1.x days. The attack occurs when an iPhone user is visiting the jailbreakme.com site, and although they demonstrated it on an iPhone 3Gs, MuscleNerd says that it affects all iDevices. Apple should patch this bug ASAP, but if you are on a jailbroken device, you should avoid updating it.

Besides all iDevices, the attack affects Firefox and IE7 (really IE?… still?!!?) users on Windows and Safari users on Mac. Interestingly, it took them only a few minutes after the event started to announce that the iPhone 3Gs is pwned, and they already tweeted “all you sms are belong to us”…

Official press release:

Vancouver, Canada

Security researchers Vincenzo Iozzo from Zynamics GmbH and Ralf-Philipp Weinmann from the University of Luxembourg today won the “iPhone” section of the renowned PWN2OWN contest in Vancouver, Canada. The contest pits the world’s leading security researchers against the latest versions of common operating systems and platforms.

In 2009, researchers failed to compromise the iPhone, confounding general expectations. This year, Iozzo and Weinmann had to put in extra effort to bypass the “code signing” and data execution prevention (DEP) technologies that prevent arbitrary code from running on the phone as well as defeat straightforward exploitation of buffer and heap overflow bugs. In order to achieve this result, they chained existing code bits in a technique commonly known as “return-into-libc” or “return-oriented-programming”.

It is the first time that this technique has been publicly demonstrated on a real-world telephone. The attack allowed them to execute code on the iPhone when a user visits a malicious website. The demonstrated attack code steals the SMS database from the phone, albeit other attack payloads are easily possible.

The organizers of the contest will communicate the details of the attack to the vendors and will not make the details of the attack public until the vendors can properly patch it.

Vincenzo Iozzo’s research was supported by zynamics GmbH (www.zynamics.com), the leader in advanced reverse engineering and malware classification tools.

Ralf-Philipp Weinmann’s research was done in the framework of the Embedded Systems Security (ESS) project, supported by the Laboratory of Algorithmics, Cryptology and Security (LACS) at the University of Luxembourg (lacs.uni.lu).


