Pwn2Own Contest: iPhone, Safari Fall
0Hacking competitions are one of the most exciting geeky events around. They also are tremendous help for companies that are hoping to improve their products and provide a more secure environment for their customers. Pwn2Own contest, which was sponsored by Tipping Point’s Zero Day Initiative, gave hackers the chance to win what they hack. The prize also includes cash, so it’s certainly worth hackers’ while, and it’s fun too. The event may not be as comprehensive as the Black Hat Conference, but it could still help companies such as Apple figure out what security issues they need to worry about. Firefox, Safari, and Apple products were all up for hacking during the event and not surprisingly, it did not take hackers too long to find issues with the iPhone and Safari.
Charlie Miller was the big winner at this event. He managed to hack Safari running on a Macbook (with Max OS Snow Leopard). For his troubles, he was paid $10,000 and a Macbook to go with the cash. iPhone was hacked during the event as well. Vincenzo IozzoZynamics and Ralf Philipp Weinmann from the University of Luxembourg managed to conquer the iPhone from with malicious web code. The attack involved picking up SMS database from iPhone and forwarding it to a third-party server.
Following these hacking events is truly an eye opener. Many Apple fans have come to believe that the platform their Apple devices is running on is 100% foolproof. That could not be further from the truth. No piece of software is perfect, no matter who is behind it. The fact that the winners of this contest could potentially send photos, text messages, and other private information to a third-party server indicates that we all should be careful with what we visit on our iPhones and avoid storing super sensitive information on our phones.
These ethical hackers may be kind enough to let us know what security issues we need to worry about. But there are plenty of black hat hackers who won’t hesitate to steal your financial or sensitive information and somehow find a way to make money off of their victims. Understanding what you should and shouldn’t put on your phone is a big step forward.