Pwn2own day 2: iPhone 4 successfully hacked

On the second day of the Pwn2Own competition in Vancouver, B.C., the contestants took to their devices and showed off what they had secretly been working on. After a successful first day, in which both Safari on Snow Leopard and Internet Explorer 8 on Windows 7 SP1 fell, the focus turned to the iPhone 4 and the iPad.

ZDNet met up with Charlie Miller, the researcher who managed to steal contacts from the iPhone's phone book using a flaw in the mobile version of Safari. DEP (Data Execution Prevention) stops injected data from running as code, so Miller had to build his payload out of code already present on the device; he bypassed DEP to gain access to a user's contacts, but only after the Safari browser crashed once.

The iPhone 4 was running iOS 4.2.1, but Miller said the exploit would fail against iOS 4.3, the latest firmware update for iDevices. Miller said the underlying vulnerability still exists in iOS 4.3, but Apple has added ASLR (Address Space Layout Randomization) in that release, so code no longer loads at predictable addresses and the exploit can no longer rely on the fixed locations it was built against. That adds another roadblock for attackers to bypass, typically by first leaking an address from the running process.
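Why a DEP bypass that works on 4.2.1 stops working on 4.3 is easiest to see with a small simulation. The program below is an added illustration, not code from the article or from Miller's exploit, whose details were never published: the gadget offsets, the fixed base address, the slide width and the seed are all invented. It models a library that loads at a constant base without ASLR, builds a return-oriented chain from hardcoded absolute addresses, then shows that the same chain misses every gadget once a per-boot slide is applied, and that recomputing the chain from a leaked base restores it.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical gadget offsets inside a shared library, relative to its load
 * base. Invented for this illustration; they are not real iOS 4.x addresses. */
#define NGADGETS 3
static const uintptr_t gadget_offsets[NGADGETS] = { 0x1234, 0x2345, 0x3456 };

/* Without ASLR the library always loads at one fixed, documented base
 * (hypothetical value). An exploit written against 4.2.1 can bake this in. */
#define FIXED_BASE 0x30000000u

/* Where the library actually landed in the victim process. */
typedef struct { uintptr_t base; } module_t;

/* Simulate the loader choosing a base. slide_bits = 0 models iOS 4.2.1 (no
 * ASLR); a non-zero width models ASLR, with seed standing in for the RNG.
 * The slide is page-granular, as real ASLR slides are. */
uintptr_t load_base(unsigned slide_bits, uint32_t seed) {
    uintptr_t mask = slide_bits ? ((1u << slide_bits) - 1) : 0;
    return FIXED_BASE + ((seed & mask) << 12);
}

/* Chance that a chain built for FIXED_BASE happens to be right anyway,
 * i.e. the slide drawn was zero: one in 2^slide_bits. */
double guess_probability(unsigned slide_bits) {
    return 1.0 / (double)(1u << slide_bits);
}

/* Attacker option 1: hardcode absolute gadget addresses. This is all that is
 * needed when the base never changes, and it needs no information leak. */
void build_chain_fixed(uintptr_t chain[NGADGETS]) {
    for (size_t i = 0; i < NGADGETS; i++)
        chain[i] = FIXED_BASE + gadget_offsets[i];
}

/* Attacker option 2: rebuild the chain at runtime from a base leaked out of
 * the target, which is the usual way ASLR is defeated in practice. */
void build_chain_from_leak(uintptr_t chain[NGADGETS], uintptr_t leaked_base) {
    for (size_t i = 0; i < NGADGETS; i++)
        chain[i] = leaked_base + gadget_offsets[i];
}

/* Victim side: does every return address in the chain land on the gadget the
 * attacker intended? Any miss means the chain executes the wrong bytes and
 * the process most likely crashes, as Safari did once in the contest. */
bool chain_hits_gadgets(const uintptr_t chain[NGADGETS], const module_t *m) {
    for (size_t i = 0; i < NGADGETS; i++)
        if (chain[i] != m->base + gadget_offsets[i]) return false;
    return true;
}

int main(void) {
    uintptr_t chain[NGADGETS];

    module_t no_aslr = { load_base(0, 0xdeadbeef) };   /* 4.2.1 model */
    build_chain_fixed(chain);
    printf("no ASLR, hardcoded chain: %s\n",
           chain_hits_gadgets(chain, &no_aslr) ? "hits" : "misses");

    module_t aslr = { load_base(8, 0x37) };             /* 4.3 model */
    printf("ASLR,   hardcoded chain: %s (blind guess succeeds %.4f of the time)\n",
           chain_hits_gadgets(chain, &aslr) ? "hits" : "misses",
           guess_probability(8));

    build_chain_from_leak(chain, aslr.base);
    printf("ASLR,   chain from leak: %s\n",
           chain_hits_gadgets(chain, &aslr) ? "hits" : "misses");
    return 0;
}
```

The simulation deliberately ignores everything else an exploit needs (the Safari bug itself, stack pivoting, finding usable gadgets); its only point is that DEP forces the attacker to reuse existing code, and ASLR then makes the location of that code unknown until something leaks it.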

This isn't the first time Miller has successfully hacked an iPhone: back in 2007 he broke into the original iPhone, and in 2009 he demonstrated an attack that read the device's SMS message logs, address book, call history and voicemail data.

Next up are the BlackBerry, the Samsung Nexus S and the Dell Venue Pro 7. GeoHot was originally supposed to show up to help crack the Dell Venue Pro 7, but backed out at the last minute to focus on his court case with Sony.


The big companies like Microsoft and Apple will actually buy vulnerabilities from hackers etc.

You write in to tell them you've discovered an exploit and what this exploit can do, they'll buy the exploit off you by you telling them how it was done, so they can patch it.

Depending on how serious it is, they can pay out anywhere between a few thousand dollars and a few hundred thousand.

Benjy91 said,
The big companies like Microsoft and Apple will actually buy vulnerabilities from hackers etc.

You write in to tell them you've discovered an exploit and what this exploit can do, they'll buy the exploit off you by you telling them how it was done, so they can patch it.

Depending on how serious it is, they can pay out anywhere between a few thousand dollars and a few hundred thousand.

It almost seems like extortion. Pay up or I will tattle and ruin you.

capr said,
I love stuff like this. Companies should encourage competitions and "talent" shows like this.

It's called the Federal Government. You get caught and are good enough, they actually offer you a job or jail time.

You don't have to work on a hack for Smartphones. All that is needed is to get the "kill switch" code for iPhone, WP7, Android, Blackberry, WebOS, Kindle.. to gain root access and hijack all data or wipe the smartphone clean. :-)

alexalex said,
You don't have to work on a hack for Smartphones. All that is needed is to get the "kill switch" code for iPhone, WP7, Android, Blackberry, WebOS, Kindle.. to gain root access and hijack all data or wipe the smartphone clean. :-)

Here you go, I found it: 1Ð107. Enjoy

To my little knowledge... they are hacking iOS, not an iPhone 4, since the software is the same for the iPhone 3GS and almost the iPad. It's not like they are messing with the hardware? Or am I missing something?

So lame, every hacker can do stuff the tech company should have expected, or they just simply ignore the fact that their security expertise ain't good enough to defend against hackers. What's this supposed to mean for the user? Waiting to get hacked? Apple?

still1 said,
One more day to go. Chrome still not hacked.

Chrome won't be hacked for the 3rd year in a row as no one was up to the challenge, even after Google's $20,000 reward.

alexalex said,

Chrome won't be hacked for the 3rd year in a row as no one was up to the challenge, even after Google's $20,000 reward.


One researcher discovered some vulnerability, but thought it was against the rules (it wasn't). He sent it to Google and only got $1337 (their standard reward).

RealFduch said,

One researcher discovered some vulnerability, but thought it was against the rules (it wasn't). He sent it to Google and only got $1337 (their standard reward).

Source??? Just an FYI, Chrome needs two vulnerabilities to hack: one to get out of the sandbox and another to do remote code execution, so that one vulnerability wouldn't have brought down Chrome. Also, it gets difficult with the random addressing.

tanjiajun_34 said,
GeoHot still cannot hack WP7....
That guy so loves to show off, then he is going to hack WP7 but has failed so far...

It's hard to hack when all your computers are stolen by Sony.

tanjiajun_34 said,
GeoHot still cannot hack WP7....
That guy so loves to show off, then he is going to hack WP7 but has failed so far...
Oops, I forgot to read this...
GeoHot was originally supposed to show to help crack the Dell Venue Pro 7, but backed out last minute to help focus on his court case with Sony.

On an unrelated note, how often is Pwn2Own? I keep seeing this competition; it's almost like they have it every 3 months or something.

noPCtoday said,
On an unrelated note, how often is Pwn2Own? I keep seeing this competition; it's almost like they have it every 3 months or something.
Once a year since 2007.

Article said,
After a successful first day, where we saw Safari running on Snow Leopard and Internet Explorer 8 running on Windows 7 SP1,

Wait what? These guys are geniuses!

NesTle said,

That's not a security risk, that's a code 18 error.
If you're stupid enough to install this you deserve it...

This is a perfect example of the sort of attitude that ultimately prevents open source OS's from reaching their full market share potential. Keep "winning", Charlie!

Are we going to start installing firewalls on our iOS devices (through Cydia)?
Or is Apple gonna improve security?

mjedi7 said,
Are we going to start installing firewalls on our iOS devices (through Cydia)?
Or is Apple gonna improve security?

If someone is talented and dedicated enough they will always be able to 'hack' a device. Vulnerabilities will always be found, just as they have to jailbreak iOS, root Android and unlock WP7. It's conventions like these which help bring the most dangerous flaws to light for manufacturers to patch. Personally I'm not too worried about the security of my OS; a little attention to what you're installing goes a long way.

mjedi7 said,
Are we going to start installing firewalls on our iOS devices (through Cydia)?
Or is Apple gonna improve security?

Apple just improved it with 4.3 and ASLR.

mjedi7 said,
Are we going to start installing firewalls on our iOS devices (through Cydia)?
Or is Apple gonna improve security?

The probability that you run into, in real life, a person with enough knowledge to hack your iDevice doesn't warrant a firewall, at most just a patch. My advice to you is: if you happen to be at a computer geek or hacker convention, avoid their free wifi service.

Ryoken said,
Shouldn't they be hacking against the current, updated OS/Browser versions for it to really matter ?

Oh definitely! We also all update devices to the latest version as soon as it comes out. Like 1 sec after firmware release all the world is updated...

Ryoken said,
Shouldn't they be hacking against the current, updated OS/Browser versions for it to really matter ?

From what it sounds like, the hacking was something in development for an extended period of time. Considering that iOS 4.3 was just released it makes sense that the hack was meant for iOS 4.2.

Ryoken said,
Shouldn't they be hacking against the current, updated OS/Browser versions for it to really matter ?

MOST people don't regularly keep their software up-to-date, so not sure they're worried about the latest and greatest.

kabix said,
Oh definitely! We also all update devices to the latest version as soon as it comes out. Like 1 sec after firmware release all the world is updated...

It's not the point. They need to see if Apple did a great job. You can see they haven't in previous versions of the firmware, but really, what's the point in testing an older firmware?

Why don't they try to hack Windows 98 while we're at it, some people still haven't updated.

PyX said,

It's not the point. They need to see if Apple did a great job. You can see they haven't in previous versions of the firmware, but really, what's the point in testing an older firmware?

Why don't they try to hack Windows 98 while we're at it, some people still haven't updated.

You are really thick, aren't you?

Tanshin said,

From what it sounds like, the hacking was something in development for an extended period of time. Considering that iOS 4.3 was just released it makes sense that the hack was meant for iOS 4.2.

Fair point, I'll accept that..

As for the rest, most people update when they are told to, be it Windows with the popup (or just doing it itself when they reboot) or iOS when they plug it in. Not as common with the tech-savvy, but still done by most people.

Ryoken said,
Shouldn't they be hacking against the current, updated OS/Browser versions for it to really matter ?

The exploit still exists in the latest version, he just didn't have time to circumvent ASLR because 4.3 just came out.

Ryoken said,

As for the rest, most people update when they are told to, be it Windows with the popup (or just doing it itself when they reboot) or iOS when they plug it in. Not as common with the tech-savvy, but still done by most people.

Well you're wrong there, buddy. Only tech-savvy users update their devices. I'm the only tech-savvy person among my friends and family. Whenever I use anybody else's computer, everything is always out of date. I even set it up to automatically update for them, but they always change it back because it interferes with whatever they're doing while using the computer. Non-tech-savvy people don't like to be bothered with waiting 5 to 30 minutes for an update to finish downloading or installing. And that is most people.

duhk said,

Well you're wrong there, buddy. Only tech-savvy users update their devices. I'm the only tech-savvy person among my friends and family. Whenever I use anybody else's computer, everything is always out of date. I even set it up to automatically update for them, but they always change it back because it interferes with whatever they're doing while using the computer. Non-tech-savvy people don't like to be bothered with waiting 5 to 30 minutes for an update to finish downloading or installing. And that is most people.

Forget about the wait, you should hear what I get just because they need to reboot their systems. I've had people hang up on me because they refuse to reboot their machines.

z0phi3l said,

Forget about the wait, you should hear what I get just because they need to reboot their systems. I've had people hang up on me because they refuse to reboot their machines.

Rebooting is a windows thing. It fixes the problem until you load it again after reboot.

Jebadiah said,
Do we need Pwn2Own for that? Malware for Android is hosted on Google Code under the Apache License. LOL http://venturebeat.com/2011/03...p-is-infected-with-malware/

First, they used an exploit in the phone's browser, so it didn't require the user to install anything. However, the Android exploit you link to is one that you get from using marketplaces other than Google's own Android Market, which tbh is your own fault really if you do not check this stuff out before installing it.