Annual Pwn2Own contest gives various hackers and security experts the opportunity to win over $100,000 USD by hacking various browsers and cell phones available in the market. Nearly all famous web-browsers including IE8, Safari and Firefox were hacked in the contest this year. Not only this but the famous iPhone's SMS database was also hacked within 20 seconds.
Browser Exploitation Challenge
In browser exploitation challenge the four browsers available for target were:
- Microsoft Internet Explorer (Version 8 on Windows 7, Version 7 on Vista and XP)
- Mozilla Firefox 3
- Google Chrome 4
- Apple Safari 4
$40,000 prizes were allocated for hacking the above browsers. All web-browser attacks were achieved by having the browser to visit a malicious web site. The details for prizes are as follows:
- Charlie Miller, principal security analyst at Independent Security Evaluators, won $10,000 for hacking Safari on a MacBook Pro without physical access to the machine.
- Nils (last name not known), head of research at UK-based MWR InfoSecurity, won $10,000 for hacking Firefox.
- Peter Vreugdenhil, independent security researcher, won $10,000 for hacking Internet Explorer 8.
Cell Phone Hack Challenge
Following 4 cell phones were selected for the mobile hack challenge.
- Apple iPhone
- RIM Blackberry
- Nokia Symbian
- Google Android
Vincenzo Iozzo and Ralf-Philipp Weinmann won $15,000 prize for hacking the famous Apple's iPhone by stealing its entire SMS database including even deleted messages. Like browser-hacks, they hacked iPhone by visited a malicious website they’d set up through the stock iPhone browser which uploaded the local SMS database to the server and then crashed the web-browser. Iozzo came, just when the contest was just winding down :P
Some words by Iozzo and Weinmann
The exploit was written to bypass the digital code signatures used on the iPhone to verify that the code in memory is from Apple. The exploit then looked for chunks in Apple's code that could be pieced together to accomplish the attack.
According to the experts, if the SMS database is accessible through this hack, these two hackers will be very much capable of stealing your contacts, photos, and other data on your iPhone. So never be assured that your iPhone is safe from such hackers ;)