iPhone falls in Pwn2Own hacking contest

Hackers bypassed tough security measures introduced in iPhone 2.0

A delayed flight didn't stop Vincenzo Iozzo and Ralf Weinmann from scoring a cool US$15,000, a brand-new iPhone and a trip to Las Vegas at the annual Pwn2Own hacking contest in Vancouver on Wednesday.

The security researchers developed an undisclosed attack on the iPhone's mobile Safari browser to get access to a phone and then run a program that sent the phone's SMS messages to a Web server.

It is the first fully functioning attack on an iPhone since Apple released version 2 of the device in 2008, said Charlie Miller, the hacker who followed up Iozzo and Weinmann's hack by breaking into a MacBook Pro running Safari 4 on MacOS X Snow Leopard. His takeaway: the laptop and $10,000.

By the day's end, Pwn2Own competitors had hacked not just the iPhone and Safari, but also Internet Explorer 8 and the Firefox browser. Both IE 8 and Firefox were running on the Windows 7 operating system. IE was hacked by researcher Peter Vreugdenhil, and Firefox was claimed by a man identifying himself only as Nils. This is the same Nils who, last year, pocketed $15,000 after hacking IE, Firefox and Safari.

The iPhone attack got a lot of attention, however, because in last year's contest, Apple's smartphone did not get hacked.

Contest winners take home the device they hack, in addition to $10,000 in prize money for a Web browser attack and $15,000 for a mobile-device attack.

Google's Chrome browser, the BlackBerry, the Nexus One and the Nokia E72 are also included in the contest, but right now only one more contestant -- an anonymous hacker -- is on the schedule. He will take a shot at the Nokia phone on Thursday.

Apple introduced a number of advanced security measures with iPhone 2.0, including a "sandbox" in the device's kernel that restricts what hackers can do on a compromised machine, and a cryptographic code-signing requirement that makes it harder for them to run their initial malicious payload.

"When iPhone 2.0 came out, it became a lot harder" to hack the device, said Miller, who earned fame three years ago as the first person to hack the iPhone.

In fact, Weinmann said he had been set to compete in last year's Pwn2Own contest but had to abandon his plans at the last minute when he discovered his attack only worked on jail-broken phones, which have been hacked to run unapproved applications. Jail-breaking circumvents the iPhone's memory protections, but the Pwn2Own rules force contestants to use unmodified phones.

The Pwn2Own contest pays contestants for their exploit code, which leverages software flaws to give the attacker a foothold on the machine being attacked. But because of the iPhone's sandbox architecture, Weinmann and Iozzo actually spent much more time working on their payload software.

To make their attack work, they used a technique called "return-oriented programming," in which they essentially cobble together instructions from different parts of the iPhone's memory. But even with this technique, the iPhone's sandbox restricted what they could do once they had hacked into the machine.

Return-oriented programming has been around for more than a decade, but this attack is the first public demonstration of this technique on the Arm microprocessor, contest organizers say.

Iozzo and Weinmann were selected by lot to be the first to try out their attack at the three-day hacking contest. But Iozzo wasn't actually at the conference when his slot came up. A delayed flight caused him to miss his connection to Vancouver, but a co-worker, Thomas Dullien (better known as Halvar Flake), stood in for him at the contest.

Even though they tested the hack before the contest, Dullien and Weinmann ran into some trouble. "The first try gave us an empty database, but that was probably due to a bug in our database," Weinmann said after winning the prize. A second attempt was successful.

Run in conjunction with the CanSecWest security conference, Pwn2Own has become a closely watched test of exploit-writing skills, where professional hackers routinely show up and demonstrate how easy it would be to break into a computer running the latest software.

The contest provides a high-profile demonstration of just how common exploitable software bugs really are, despite concerted efforts by companies such as Microsoft, Mozilla and Apple to lock down their code.

TippingPoint, a security company that sponsors the contest, runs a program that pays hackers for working exploit code. According to Aaron Portnoy, TippingPoint's security research team lead, software makers have introduced techniques that make it harder to hack their products, but there are still plenty of bugs out there.

CanSecWest and the Pwn2Own contest run through Friday.


Robert McMillan

IDG News Service