iPhone hacked in 20 seconds at Pwn2Own, SMS messages stolen through web

The CanSecWest Pwn2Own hacking contest in Vancouver has resulted in a number of exploits, from Charlie Miller taking down yet another MacBook through a critical hole in Apple’s Safari browser to successful attacks on Mozilla Firefox and Internet Explorer 8, but perhaps the most interesting was the iPhone attack.  European researchers Vincenzo Iozzo and Ralf Philipp Weinmann lured an iPhone to their web site and in just 20 seconds managed to compromise the phone and steal its entire SMS text message database, including deleted messages.

Through their exploit, Weinmann and Iozzo were able to bypass Apple’s sandbox and gain access to a user account in the iPhone operating system called “mobile.” Through this account, they could have accessed and stolen everything from the phone’s contact list to the email database, photos, and iTunes music and video files.

The current exploit crashes the Safari browser after stealing the data, but the researchers say they could build a version that would continuously steal information as the user — who wouldn’t know that anything was wrong — browsed the site.  “Basically, every page that the user visits on our [rigged] site will grab the SMS database and upload it to a server we control,” Weinmann said.