Apple’s iOS software and hardware have been relatively safe for users to use, but that does not mean hacks cannot happen. Two clever minds during a Pwn2Own contest were able to hack a fully patched iPhone 4S to gain a slew of information from the device, reported ZdNet. The hackers, Joost Pol and Daan Keuper, were able to find vulnerability in WebKit that allowed them to hi-jack photos, videos, address book contacts, and browsing history right from the phone. The two earned a $30,000 cash-prize for performing what they call “a clean hack.”
Once the vulnerability in WebKit was found, the hackers said they put many things together in about three weeks to write an exploit to hack the iPhone 4S. The two found that the exploit developed also worked for iOS 6 (released today) and all previous versions of iOS devices. The hacking duo was not able to gain access to users’ SMS or emails. Here are the technical specifics, per ZdNet:
The exploit itself took some jumping around. With the WebKit bug, which was not a use-after-free flaw, the researchers had to trigger a use-after-free scenario and then abuse that to trigger a memory overwrite. Once that was achieved, Pol and Keuper used that memory overwrite to cause a read/write gadget, which provided a means to read/write to the memory of the iPhone. “Once we got that, we created a new function to run in a loop and used JIT to execute the code without signing,” Keuper explained.
While Pol and Keuper could use the hack for harm, the two said the exploit has already been destroyed. Pol told ZdNet: “We shredded it from our machine. The story ends here, we’re not going to use this again. It’s time to look for a new challenge.” They further added that iOS is definitely the most secure mobile platform around thanks to Apple’s strict guidelines.
Luckily, the exploit did not fall into the wrong hands.