Pwn2Own: iPhone 4 Running iOS 4.2.1 Successfully Hacked

At the pwn2own competition in Vancouver B.C., on the second day, the focus turned to the iPhone 4 and iPad. A hacker, Charlie Miller, renowned for his work breaking into MacBook machines with Safari vulnerabilities and exploits, took aim at Apple's iPhone device, and managed to steal contacts from the iPhone's phone book using a […]

At the pwn2own competition in Vancouver B.C., on the second day, the focus turned to the iPhone 4 and iPad.

A hacker, Charlie Miller, renowned for his work breaking into MacBook machines with Safari vulnerabilities and exploits, took aim at Apple's iPhone device, and managed to steal contacts from the iPhone's phone book using a flaw in the mobile version of Safari. Miller managed to bypass the iPhone's DEP (Data Execution Prevention) to gain access to a users contacts, but only after the Safari browser crashed once.

The attack simply required that the target iPhone surfs to a rigged web site. On first attempt at the drive-by exploit, the iPhone browser crashed but once it was relaunched, Miller was able to hijack the entire address book.

Hacked iPhone 4 was running iOS 4.2.1, but Miller said the exploit will fail against iOS 4.3, the latest firmware update for iDevices.

Miller said that the exploit still exists in iOS 4.3, but Apple has added ASLR (Address Space Layout Randomization) to the latest firmware update, adding another roadblock for hackers to bypass.

"As of 4.3, because of the new ASLR, it will be much harder," Miller added.

Miller and Blazakis won a $15,000 cash prize and kept the hijacked iPhone 4.

Next up, is the BlackBerry, Samsung Nexus S, and Dell Venue Pro 7. GeoHot was originally supposed to show to help crack the Dell Venue Pro 7, but backed out last minute to help focus on his court case with Sony.

[Source]