
The iPhone 4S was hacked using a Safari exploit in yesterday’s Pwn2Own contest in Amsterdam.
In most cases iPhones are fairly secure, and major security threats to the system are rare. Amsterdam’s Pwn2Own contest showed that the iPhone, even with its update to iOS 6, does have its vulnerabilities.
A team of Dutch security researchers created a Safari hack from scratch in the course of three weeks. The hack took advantage of a Safari exploit that ran after the device loaded a website the team created. The website used a zero-day WebKit exploit to gain access to an iOS device without the owner’s permission or knowledge.
According to a ZDNet report, the website performs a drive-by download without crashing the browser, allowing the server to upload data without a user’s knowledge. The attack then allowed the team to gain access to the address book, photo/video folder, and browsing history of the iPhone 4S. Even with the update to iOS 6 yesterday, the vulnerability still exists.
The group of researchers won $30,000 in the contest for their exploit, and then immediately deleted it. They passed the information regarding the exploit on to Apple.