iPhone 4S Falls at Hacker Contest; New iPhone 5 Vulnerable to Same Exploit

Two security researchers have already chipped the armor of the new iPhone, scheduled for release tomorrow.Joost Pol and Daan Keuper won the mobile Pwn2Own contest yesterday at EUSecWest event in Amsterdam by compromising a fully patched iPhone 4S device and stealing contacts, browsing history, photos and videos from the phone.

iPhoneTwo security researchers have already chipped the armor of the new iPhone, scheduled for release tomorrow.

Joost Pol and Daan Keuper won the mobile Pwn2Own contest yesterday at EUSecWest event in Amsterdam by compromising a fully patched iPhone 4S device and stealing contacts, browsing history, photos and videos from the phone.

The pair was able to build an exploit for a vulnerability in WebKit to beat Apple’s code-signing features and the MobileSafari sandbox. The same bug is present in the iOS6 Golden Master development code base, meaning iPhone 5 is vulnerable to the same exploit. Apple iPads and iPod Touch devices are also vulnerable, Pol and Keuper said, adding that it took them three weeks find the flaw and write an exploit.

A Samsung Galaxy S3 phone running Android, was also hacked at the same event by researchers from MWR Labs, part of MWR InfoSecurity, an English consultancy and service provider.

The duo won $30,000 for their efforts.

This is not the first successful compromise of the iPhone. Researcher Charlie Miller, who recently joined the Twitter security team, is a four-time winner of Pwn2Own and in 2011 successfully hacked an iPhone 4.

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.