iPhone hacked via Safari mobile

In this year’s CanSecWest Pwn2Own hacking contest, Vincenzo Iozzo and Ralf Philipp Weinmann showed how they were able to hack into an iPhone and grab the entire SMS database including messages that were already deleted. They said that with their exploit, they can also get the phone’s contact list, e-mail database, photographs and even the music files.

iPhone hacked

Weinmann explained that when a user visits a page from their site, it will grab the SMS database and upload it to their server. What’s bad (or good however you want to see it) about this exploit is that even if it is only restricted to the iPhone sandbox, it can still do a lot of damage.

How did they do it? Obviously they won’t share but they won a $15,000 cash price for turning over their hack. iPhone users (and maybe even iPod Touch) should expect a patch in the near future.

Safari isn’t as secure as we thought as Charlie Miller once again hacked into a Macbook via its browser.

[via ZDnet]
For more technology news and gadget reviews, follow us on Facebook, Twitter and Instagram