iPhone 3GS vulnerable to drive-by data-stealing hack


Once again, an Apple product was the first to fall at the annual CanSecWest Pwn2Own hacking contest.

Yesterday a fully patched iPhone was hijacked and its entire SMS database, including text messages, was stolen after the phone simply visited a specially crafted web page.

Using an exploit that took only 2 weeks to write, Vincenzo Iozzo and Ralf Philipp Weinmann lured the target iPhone to a rigged Web site and downloaded the SMS database in about 20 seconds.

“Basically, every page that the user visits on our [rigged] site will grab the SMS database and upload it to a server we control,” Weinmann explained. 

Even the iPhone’s code signing protection was not sufficient to mitigate the attack.

“Apple has pretty good counter-measures but they are clearly not enough.  The way they implement code-signing is too lenient,” said Halvar Flake, a renowned security researcher.

In addition to hijacking the SMS database, Weinmann said the winning Pwn2Own exploit could have easily downloaded the phone contact list, the email database, photographs and iTunes music files.

“With this exploit, I can do anything that ‘mobile’ can do.”

“It was a real-world exploit against a popular device,” said Aaron Portnoy, a security researcher at TippingPoint Zero Day Initiative. “They exfiltrated the entire SMS database in about 20 seconds. It was as if a Web page was loading.”

The iPhone was recently the subject of a widespread worm attack after hackers breached security using a widely known network password present on jailbroken devices. On this occasion, however, all iPhones, not just jailbroken ones, are vulnerable and are awaiting a hopefully urgent patch from Apple.

Via ZDNet.com
