A delayed flight didn’t stop Vincenzo Iozzo and Ralf Weinmann from scoring a cool $15,000, a brand-new iPhone and a trip to Las Vegas at the annual Pwn2Own hacking contest in Vancouver on Wednesday.
The security researchers developed an undisclosed attack on the iPhone’s mobile Safari browser to gain access to a phone and then run a program that sent the phone’s SMS messages to a web server.
It is the first fully functioning attack on an iPhone since Apple released version 2 of the device in 2008, said Charlie Miller, the hacker who followed up Iozzo and Weinmann’s hack by breaking into a MacBook Pro running Safari 4 on Mac OS X Snow Leopard. His takeaway: the laptop and $10,000.
Thomas Dullien (l), CEO of Zynamics, and Ralf Weinmann of the University of Luxembourg hacking an iPhone at the Pwn2Own contest at CanSecWest in Vancouver Wednesday. At right is Aaron Portnoy, security research team lead with TippingPoint, the contest’s sponsor. TippingPoint’s Research Team Manager Pedram Amini looks on.
By the day’s end, Pwn2Own contestants had hacked not just the iPhone and Safari, but also Internet Explorer 8 and the Firefox browser. Both IE 8 and Firefox were running on the Windows 7 operating system. IE was hacked by researcher Peter Vreugdenhil, and Firefox was taken by a man identifying himself only as Nils. This is the same Nils who, last year, pocketed $15,000 after hacking IE, Firefox and Safari.
The iPhone attack got a lot of attention, however, because in last year’s contest, Apple’s smartphone did not get hacked.
Contest winners take home the machine they hack, in addition to $10,000 in prize money for a Web browser attack and $15,000 for a mobile-device attack.
Google’s Chrome browser, the BlackBerry, the Nexus One and the Nokia E72 are also included in the contest, but right now only one more contestant, an anonymous hacker, is on the docket. He will take a shot at the Nokia phone on Thursday.
Apple introduced a number of advanced security measures with iPhone 2.0, including a “sandbox” in the device’s kernel that restricts what hackers can do on a compromised machine, and a cryptographic code-signing requirement that makes it harder for them to run their initial malicious payload.
“When iPhone 2.0 came out, it became a lot harder” to hack the device, said Miller, who gained fame three years ago as the first person to hack the iPhone.
In fact, Weinmann said he had been set to compete in last year’s Pwn2Own contest but had to abandon his plans at the last minute when he discovered his attack only worked on jail-broken phones, which have been hacked to run unapproved applications. Jail-breaking circumvents the iPhone’s memory protections, but the Pwn2Own rules force contestants to use unmodified phones.
The Pwn2Own contest pays contestants for their exploit code, which leverages software flaws to give the attacker a foothold on the machine being attacked. But because of the iPhone’s sandbox architecture, Weinmann and Iozzo actually spent much more time working on their payload software.
To make their attack work, they used a technique called “return-oriented programming,” in which they essentially cobble together instructions from different parts of the iPhone’s memory. But even with this technique, the iPhone’s sandbox restricted what they could do once they had hacked into the machine.
Return-oriented programming has been around for more than a decade, but this attack is the first public demonstration of this technique on the Arm microprocessor, contest organizers say.
Iozzo and Weinmann were chosen by lot to be the first to try out their attack at the three-day hacking contest. But Iozzo wasn’t actually at the conference when his slot came up. A delayed flight caused him to miss his connection to Vancouver, but a co-worker, Thomas Dullien (better known as Halvar Flake), stood in for him at the contest.
Even though they tested the hack before the contest, Dullien and Weinmann ran into some trouble. “The first try gave us an empty database, but that was probably due to a bug in our database,” Weinmann said after winning the prize. A second attempt was successful.
Run in conjunction with the CanSecWest security conference, Pwn2Own has become a closely watched test of exploit-writing skill, where professional hackers routinely show up and demonstrate how easy it would be to break into a computer running the latest software.
The contest provides a high-profile demonstration of just how common exploitable software bugs really are, despite concerted efforts by companies such as Microsoft, Mozilla and Apple to lock down their code.
CanSecWest and the Pwn2Own contest run through Friday .