Thursday, September 20, 2012

Dutch Team Hacks iOS From Scratch In Just Three Weeks

A hacking contest called Pwn2Own has recently challenged participants to hack the iPhone from scratch, and they’ve offered $30,000 to the team who can do it. That prize has now been claimed by a pair of Dutch security experts, who managed to infiltrate the iPhone operating system in just three weeks.
In an interview with ZDNet, Joost Pol, one half of the hacking duo, said, “It took about three weeks, starting from scratch, and we were only working on our private time.” The exploit they created in those three weeks uses a WebKit vulnerability to steal your address book, photos, videos and browsing history, and it works on a fully up-to-date iOS build.
“We specifically chose this [exploit] because it was present in iOS 6, which means the new iPhone coming out today will be vulnerable to this attack,” Pol said in his interview with ZDNet.
While that may sound like a scary proposition, the exploit does rely on you navigating to a specific website in order to infect your device. It also doesn’t grant access to your text messages or email inbox, so most of your important data is still inaccessible. The hackers responsible for the exploit say that despite the existence of this vulnerability, iOS is still the most secure mobile platform right now.
“It just shows how much you should trust valuable data on a mobile device. It took us three weeks, working from scratch, and the iPhone is the most advanced device in terms of security. Even the BlackBerry doesn’t have all the security features that the iPhone has. For example, BlackBerry also uses WebKit but they use an ancient version. With code signing, the sandbox, ASLR and DEP, the iPhone is much, much harder to exploit,” explained the Dutch hacker.
Fortunately for all iPhone owners, the hackers destroyed the exploit they had created once the contest was over. They have no intention of releasing it into the wild, but are quick to point out that any motivated attacker can accomplish what they did.