Smartphones might have proved to be a tough nut to crack at last year’s CanSecWest Pwn2Own, but the same cannot be said for 2010 as two European hackers were able to gain control of a stock iPhone’s SMS database. The hack, which takes 20 seconds to execute by having the iPhone visit an infected website, allows its SMS messages — including those which had been deleted — to be uploaded to a predetermined server. If that’s not enough to make paranoid iPhone users soil their pants, the same exploit is also said to be able to access a user’s address book, emails, photos and music, all without leaving the iPhone sandbox. Naturally these sorts of hacking developments are a bit frightening, but the good news is the hackers will hand their findings to Apple and keep mum on specifics while the Cupertino company does a bit of spackling with its iPhone OS.
Hackers taking part in a friendly competition aimed at highlighting OS and software vulnerabilities did some real damage to a variety of computer-based web browsers — including Safari, which took all of 10 seconds to bust on a MacBook — but where smartphones are concerned, the hackers were stumped. The competition took place at CanSecWest in Vancouver, Canada, and big cash prizes were up for grabs. In fact, each successful execution of an attack on a smartphone was worth a cool $10,000. Apparently the closest anyone came, however, was a BlackBerry Bold exploit attempt that failed despite reportedly having worked on a Storm in the past. There was also an exploit performed on Safari for Mac that is thought to work on the iPhone as well, but the iPhone hack was not attempted; the rules of the contest stated that each exploit could be used only once. In the end, not a single contestant was able to crack a smartphone during the two-day hackathon. Good news though, hackers, as CanSecWest and ZDI have already stated that smartphones will be included once again in next year’s competition. That gives you about 12 months to hone those skills and put those tiny mobile processors to work.
[Via heise online]