A group of hackers have managed to hack the SMS database on the Apple iPhone in under twenty seconds. The pair Vincenzo Iozzo and Ralf Philipp Weinmann hacked the iPhone SMS database at the CanSecWest Pwn2Own hacking contest.
The pair used an exploit that was previously unknown, and sent the iPhone’s Safari browser to a website that contains some rigged code. One the iPhone had reached the website, the site is able to copy the contents of the SMS database in under twenty seconds.
“Basically, every page that the user visits on our [rigged] site will grab the SMS database and upload it to a server we control,” Weinmann explained. Iozzo, who had flight problems, was not on hand to enjoy the glory of being the first to hijack an iPhone at the Pwn2Own challenge.”
The pair were able to retrieve all SMS message from the hacked iPhone including ones that were deleted. It looks like it would also be possible to use this exploit to grab contact lists, email addresses and even photos from the hacked iPhone.
It looks like you won’t have to worry about this happening to your iPhone as Vincenzo Iozzo and Ralf Philipp Weinmann have passed the vulnerability information onto Apple so we can expect a patch in the near future to stop this sort of thing happening.
via Gadget Venue