With tens of thousands camped in line today waiting for the Apple iPhone 5, hackers have already had their hands on the core iOS 6 operating system for some time. Two Dutch hackers beat Apple’s sturdy protections, and this week at the EUSecWest conference in Amsterdam presented the first successful hack of a patched iPhone 4S, with an exploit that will also work against the new device.
Joost Pol and Daan Keuper grabbed plenty of attention—and $30,000—for their efforts in winning the mobile Pwn2Own contest. The two researchers from Certified Secure, a Dutch security company, used a vulnerability in WebKit, the Web browser engine underneath Apple’s Safari browser. After three weeks’ worth of work, the duo had a working exploit that enabled them to steal data from the phone. Threatpost talked with Pol and Keuper about how they managed to crack the iPhone.
Threatpost: What motivated you to go after iPhone 4S (and iOS 6)?
Pol and Keuper: We believe that the iPhone has the best security features (ASLR, DEP, sandboxing, code-signing, etc.) and was thus the most interesting target for us. The release of iOS 6 made it extra interesting since a newer WebKit version would be used, eliminating some older vulnerabilities/exploit-paths.
Threatpost: Describe the severity of the WebKit vulnerability you discovered and how you found it.
Pol and Keuper: We found the vulnerability by auditing the WebKit code. The vulnerability is quite severe as it allows (with some trickery) for arbitrary code execution (within the Safari sandbox) as demonstrated at the Pwn2Own. This gives us (for example) direct access to the user's personal photos, address-book and browsing history.