
Pwn2Own day 2: iPhone 4 successfully hacked

nsane.forums

On the second day of the Pwn2Own competition in Vancouver B.C., hackers took to their devices and showed off what they have secretly been working on. After a successful first day, where we saw Safari running on Snow Leopard and Internet Explorer 8 running on Windows 7 SP1, now the focus turned to the iPhone 4 and iPad.

ZDNet met up with Charlie Miller, the hacker who managed to steal contacts from the iPhone's phone book using a flaw in the mobile version of Safari. Miller managed to bypass the iPhone's DEP (Data Execution Prevention) to gain access to a user's contacts, but only after the Safari browser crashed once.

The iPhone 4 was running iOS 4.2.1, but Miller said the exploit will fail against iOS 4.3, the latest firmware update for iDevices. Miller said that the exploit still exists in iOS 4.3, but Apple has added ASLR (Address Space Layout Randomization) to the latest firmware update, adding another roadblock for hackers to bypass.

This isn't the first time Miller has successfully managed to hack an iPhone; back in 2007, Miller managed to hack into the iPhone 2G. In 2009, Miller was able to create a script that read entire chatlogs of your SMS messages, address book, call history and voicemail data.

Next up are the BlackBerry, Samsung Nexus S, and Dell Venue Pro 7. GeoHot was originally supposed to show up to help crack the Dell Venue Pro 7, but backed out at the last minute to focus on his court case with Sony.



Pwn2Own 2011: BlackBerry falls to WebKit browser attack


Vincenzo Iozzo (left), Pwn2Own official Aaron Portnoy and Willem Pinckaers exploiting the BlackBerry.

Research in Motion's recent decision to add a WebKit browser to BlackBerry has immediately backfired. A trio of security researchers used the spotlight of the CanSecWest Pwn2Own contest here to exploit multiple WebKit vulnerabilities in an impressive browser attack against a BlackBerry Torch 9800 smart phone.

The team — Vincenzo Iozzo, Willem Pinckaers and Ralf Philipp Weinmann — chained an information disclosure bug to a separate integer overflow flaw in the open-source WebKit to hack the BlackBerry device and steal the contact list and image database. (Ed's note: Iozzo and Weinmann won last year's Pwn2Own by hacking into the iPhone).

The attack was particularly impressive because there is no public documentation on the inner workings of the BlackBerry operating system and the team had to run several trial-and-error techniques to create a reliable code execution exploit.

During the attack, the team set up a specially rigged web page that fired the exploit at the BlackBerry browser. In addition to hijacking the contact list and copying images from the device, Iozzo and Pinckaers also wrote a file to the device to demonstrate full code execution.

Iozzo explained that the exploit was created without using a debugger, the utility used by programmers to locate and correct programming errors. "The BlackBerry is a system no one knows anything about. We know there's a browser and a Java virtual machine. We had to assume that once we take over the browser, we can get further into the system," Iozzo said.

While planning the attack scenario, the researchers used a small information leakage bug to see small parts of the device memory and used that information to plot the way the exploit was laid out.

The team did not have to jump through any anti-exploit mitigation hoops (the BlackBerry does not have ASLR or DEP), but Iozzo said multiple bugs had to be chained together to see how the attack code was communicating with the rest of the system.

The attack was successful against BlackBerry firmware version 6.0.0.246. Pinckaers said RIM recently shipped a firmware update but he has since confirmed that the WebKit flaw remains unpatched.

RIM's security response team was on hand to witness the attack. Immediately after, director of security response Adrian Stone said he would work with the contest organizers to verify that the vulnerabilities work against the most recent firmware version.

"It happens. It's not what you want but there's no such thing as zero code defects," Stone said in response to the BlackBerry hack.

He said RIM's security incident response team will analyze the issue, determine whether it's a true zero-day flaw and immediately start work on engineering a fix. Once the fix is created, RIM works with carrier partners to release patches to end users.

Stone confirmed that the BlackBerry does not contain ASLR or DEP but said the company is looking at adding these security enhancements to future BlackBerry versions.

While the research team acknowledged that the BlackBerry benefits from obscurity, Iozzo said the absence of ASLR, DEP and code signing has put the device "way behind the iPhone" from a security perspective.

"The advantage for BlackBerry is the obscurity. It makes it a bit harder to attack a system if you don't have documentation and information," Iozzo said.


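The article above names the bug class (an integer overflow in WebKit) but not the bug itself, and the page gives no details of the actual flaw. The following is an added, generic illustration of why that class is dangerous and how it is checked; it is not the Pwn2Own exploit, not code from WebKit or RIM, and it writes nothing out of bounds. The size limit `MAX_BUF` and the element count `0x40000001` are constructed for the example.

```c
/* Added example: a length computation that wraps on 32-bit arithmetic, next to
 * its hardened form. Generic illustration of the integer-overflow bug class the
 * article names; not the actual WebKit/BlackBerry bug, which the page does not
 * describe. MAX_BUF and all inputs are made up for the demonstration. */
#include <stdint.h>
#include <stdio.h>

/* Hypothetical upper bound a parser might impose on one buffer. */
#define MAX_BUF 0x10000000u

/* Vulnerable pattern: count * elem_size is computed in 32 bits and wraps
 * modulo 2^32 BEFORE the bound check, so a huge element count can pass the
 * check as a tiny allocation. The copy loop that follows would then write
 * count * elem_size bytes into a buffer of only `total` bytes.
 * Returns the accepted size, or -1 if rejected. */
int64_t vuln_buf_size(uint32_t count, uint32_t elem_size)
{
    uint32_t total = count * elem_size;   /* silent wraparound */
    if (total > MAX_BUF)
        return -1;
    return (int64_t)total;
}

/* Hardened pattern: prove the multiplication cannot wrap before doing it.
 * The division-based check is the portable form; on GCC/Clang,
 * __builtin_mul_overflow(count, elem_size, &total) does the same job. */
int64_t safe_buf_size(uint32_t count, uint32_t elem_size)
{
    if (elem_size == 0 || count > UINT32_MAX / elem_size)
        return -1;                        /* product would overflow */
    uint32_t total = count * elem_size;   /* now known not to wrap */
    if (total > MAX_BUF)
        return -1;
    return (int64_t)total;
}

/* How many bytes a loop copying `count` elements would write past a buffer
 * of `allocated` bytes. Computed in 64 bits; no memory is touched. */
uint64_t overflow_bytes(uint32_t count, uint32_t elem_size, uint32_t allocated)
{
    uint64_t needed = (uint64_t)count * elem_size;
    return needed > allocated ? needed - allocated : 0;
}

int main(void)
{
    /* Constructed attacker-controlled header values: 0x40000001 elements of
     * 4 bytes. 0x40000001 * 4 = 0x100000004, which wraps to 4 in 32 bits. */
    uint32_t count = 0x40000001u, elem = 4;

    int64_t v = vuln_buf_size(count, elem);
    if (v >= 0)
        printf("vulnerable check accepted %u elements as a %lld-byte buffer; "
               "the copy would run %llu bytes past it\n",
               count, (long long)v,
               (unsigned long long)overflow_bytes(count, elem, (uint32_t)v));

    if (safe_buf_size(count, elem) < 0)
        printf("hardened check rejected the same input\n");

    /* A benign header is accepted by both. */
    printf("100 x 4 bytes -> vuln %lld, safe %lld\n",
           (long long)vuln_buf_size(100, 4), (long long)safe_buf_size(100, 4));
    return 0;
}
```

The point to take from this is the one Iozzo makes about mitigations: on a platform without ASLR or DEP, a heap overflow of this kind can be turned into code execution with addresses known in advance, whereas iOS 4.3's ASLR forces the attacker to first find an information leak of exactly the sort the BlackBerry team chained in. Compile with `-Wall -Wextra`; neither flag warns about the wrapping multiply, which is why the explicit pre-check (or `__builtin_mul_overflow`) is needed.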


Nothing in the virtual world is "unhackable". The human mind is always up for a challenge, and there will always be people who find a way to exploit vulnerabilities and write malicious code.

Anyways, great article shares, guys! :)
