Thomas Dullien (l), CEO of Zynamics, and Ralf Weinmann of the University of Luxembourg hacking an iPhone at the Pwn2Own contest at CanSecWest in Vancouver Wednesday. At right is Aaron Portnoy, security research team lead with TippingPoint, the contest's sponsor. TippingPoint's Research Team Manager Pedram Amini looks on.
VANCOUVER, 24 MARCH 2010 - A delayed flight didn't stop Vincenzo Iozzo and Ralf Weinmann from scoring a cool US$15,000, a brand-new iPhone and a trip to Las Vegas at the annual Pwn2Own hacking contest in Vancouver on Wednesday.
The security researchers developed an undisclosed attack on the iPhone's mobile Safari browser to get access to a phone and then run a program that sent the phone's SMS messages to a Web server.
It is the first fully functioning attack on an iPhone since Apple released version 2 of the device in 2008, said Charlie Miller, the hacker who followed up Iozzo and Weinmann's hack by breaking into a MacBook Pro running Safari 4 on MacOS X Snow Leopard. His takeaway: the laptop and $10,000.
By the day's end, Pwn2Own competitors had hacked not just the iPhone and Safari, but also Internet Explorer 8 and the Firefox browser. Both IE 8 and Firefox were running on the Windows 7 operating system. IE was hacked by researcher Peter Vreugdenhil, and Firefox was claimed by a man identifying himself only as Nils. This is the same Nils who, last year, pocketed $15,000 after hacking IE, Firefox and Safari.
The iPhone attack got a lot of attention, however, because in last year's contest, Apple's smartphone did not get hacked.
Contest winners take home the device they hack, in addition to $10,000 in prize money for a Web browser attack and $15,000 for a mobile-device attack.
Google's Chrome browser, the BlackBerry, the Nexus One and the Nokia E72 are also included in the contest, but right now only one more contestant -- an anonymous hacker -- is on the schedule. He will take a shot at the Nokia phone on Thursday.
Apple introduced a number of advanced security measures with iPhone 2.0, including a "sandbox" in the device's kernel that restricts what hackers can do on a compromised machine, and a cryptographic code-signing requirement that makes it harder for them to run their initial malicious payload.
"When iPhone 2.0 came out, it became a lot harder" to hack the device, said Miller, who earned fame three years ago as the first person to hack the iPhone.
In fact, Weinmann said he had been set to compete in last year's Pwn2Own contest but had to abandon his plans at the last minute when he discovered his attack only worked on jail-broken phones, which have been hacked to run unapproved applications. Jail-breaking circumvents the iPhone's memory protections, but the Pwn2Own rules force contestants to use unmodified phones.