In this year’s CanSecWest Pwn2Own hacking contest, Vincenzo Iozzo and Ralf Philipp Weinmann showed how they were able to hack into an iPhone and grab the entire SMS database including messages that were already deleted. They said that with their exploit, they can also get the phone’s contact list, e-mail database, photographs and even the music files.
Weinmann explained that when a user visits a page from their site, the exploit grabs the SMS database and uploads it to their server. What’s bad (or good, however you want to see it) about this exploit is that even though it is restricted to the iPhone sandbox, it can still do a lot of damage.
How did they do it? Obviously they won’t share, but they won a $15,000 cash prize for turning over their hack. iPhone users (and maybe even iPod Touch users) should expect a patch in the near future.
Safari isn’t as secure as we thought: Charlie Miller once again hacked into a MacBook via its browser.