A pair of European researchers used the spotlight of the CanSecWest Pwn2Own hacking contest to break into a fully patched iPhone and hijack the entire SMS database, including text messages that had already been deleted.
Using an exploit against a previously unknown vulnerability, the duo -- Vincenzo Iozzo and Ralf Philipp Weinmann -- lured the target iPhone to a rigged Web site and exfiltrated the SMS database in about 20 seconds.
The exploit crashed the iPhone's browser session but Weinmann said that, with some additional effort, he could have a successful attack with the browser running.
"Basically, every page that the user visits on our [rigged] site will grab the SMS database and upload it to a server we control," Weinmann explained.
"This exploit doesn't get out of the iPhone sandbox," Flake explained, noting that an attacker can do enough damage without escaping from the sandbox. [...] In addition to hijacking the SMS database, Weinmann said the winning Pwn2Own exploit could have exfiltrated the phone contact list, the email database, photographs and iTunes music files. In the iPhone sandbox, Weinmann said there's a non-root user called 'mobile' with certain user privileges. "With this exploit, I can do anything that 'mobile' can do."
iPhone hacked, SMS database hijacked