Hack iPhone for 20 seconds

Two European security experts won the Pwn2Own contest after only 20 seconds to successfully break into and steal the SMS data of an iPhone.

In the annual hack contest called Pwn2Own , two security researchers Vincenzo Iozzo and Ralf Philipp Weinmann accepted the organizers' challenge, attacking an iPhone phone that was patched with all the holes. . As a result, after only 20 seconds, they successfully hacked into the iPhone's SMS (SMS) database system and can read the contents freely, including those deleted by the user. go.

According to two winners, they succeeded thanks to an unpublished flaw and wrote a code to exploit the vulnerability.

The biggest failure of this hack was that they caused the iPhone web browser to be ' hung ' but Weinmann said it was not difficult because it only took a few more seconds to hack it successfully and keep it The browser works normally.

The mechanism of this attack is to break into the browser, automatically redirecting user access to a fake website created by the author . When accessing that website, all SMS data in the iPhone will automatically be transferred to the server, including deleted SMS.

Weinmann, 32, from Luxembourg University cooperates with Iozzo, a 22-year-old Italian security researcher. They said it took two weeks to write a program to exploit the vulnerability on the iPhone.

Halvar Flake, a well-known security expert, said that the two authors' biggest " victory " was that they had overcome the authentication mechanism that Apple applied on the iPhone.

" This shows that the attacker doesn't need to break in too deeply and still" cause enough damage "for the iPhone owner ," Flake said.

Specialist Aaron Portnoy of TippingPoint Zero Day Initiative (the company sponsoring the Pwn2Own competition), described the attack as " very impressive ".

Weinmann and Iozzo received a $ 15,000 bonus and kept the iPhone they hacked successfully.