The 1,209,600 second iPhone hack

“The annual CanSecWest PWN2OWN hacking contest has done it again and provided us news types with the perfect headline writing opportunity as the Apple iPhone falls to the hackers in just 20 seconds,” Davey Winder reports for DaniWeb. “The hackers in question, Vincenzo Iozzo and Ralf Weinmann, picked up the prize of $15,000 and an iPhone for being the first to launch a successful attack on the smartphone in Vancouver.”

MacDailyNews Take: Hackers in such contests pick Apple products to attack first in order to maximize publicity. Then they knock off lesser products that nobody cares about. The fact that hacking Apple is so lusted after combined with the fact that zero self-propagating viruses have ever successfully attacked Mac OS X users in the wild — in over 9 years, no less — speaks volumes.

Winder reports, “It took a little longer than 20 seconds to run that previously unknown hack attack using the Safari browser on the iPhone which allowed the SMS messages on the device, including those which had been previously deleted, to be sent to a remote server. How much longer? How does a couple of weeks of preparation sound?”

“Yes, for this SMS database hacking attack to work you need a user to be stupid at a website beforehand but that’s par for the insecurity cause,” Winder reports. “The worrying thing, I would say, is that the hackers demonstrated it was relatively easy to bypass Apple code-signing routines and exploit non-root user privileges in the first place. Especially as we are not talking about previously Jailbroken devices here as the PWN2OWN contest rules insist that only unmodified iPhones can be used.”

Full article here.

MacDailyNews Take: As always, thanks to anyone who finds and privately discloses security issues to Apple for the company to fix. This improves the security of Apple products. Too bad it generates tons of horribly overblown media hype in the process.

24 Comments

  1. OH NO, before you know it iPhone OS will be bogged down with viruses, just like Mac OS X was when they came out with those exploits and viruses a few years ago! WE ARE DOOMED

    (/sarcasm for those who need it)

  2. “Yes, for this SMS database hacking attack to work you need a user to be stupid at a website beforehand”

    They must be referring to the millions of Windows drones that continue to support and buy their POS.

  3. Of course, the hack has been prepared weeks ahead! What do you think? Hackers take a lot of time to find out how to break doors… But what is dangerous is that it takes only 20 seconds to get information with.
    Apple could just do a similar thing as Opera: use their new lines of servers to predigest the websites and send clean copies streamed to the iPhone.
    This is probably the safest way to go.

  4. GAWD! Who sells NOD32 for iPhone. Or was that Norton? Simi something! So long ago and hard to remember. Hey! An idea. I will call my PC user friends.

    For sure, they know.

  5. All these hacks always need some sort of user help. Okay, here is my login information and if that is not enough here is my drivers license, social security card, bank card and my DNA, have fun. Give me a fscking break.

  6. Actually, the iPhone, Safari 4, Firefox 3.6, and IE8 were all hacked in seconds.

    This simply proves that anything with a web browser is potentially vulnerable to those who really want access.

  7. YAWWWWWNN………..

    amusing.

    How much time did they take to prepare for the contest…… and you mean it requires a bit of social engineering….

    I want to see someone take over an iphone WITHOUT the “yeah..but..”

    Anyone? anyone???

    *crickets*

  8. Okay, yes we get it, if your computer is connected to the internet, there will always be a possibility of getting hacked or getting a virus, not much unlike you as a human going out in public, that there’s always a chance of you catching a cold or the flu. The odds are against it, but the chance is there. So, what’s the only way to avoid catching a cold? Don’t ever go out. And what’s the only way of not getting hacked? Unplug from the internet.

    As a human, I’ll risk catching a cold and go out, but when I go out, I’ll be smart about it and wash my hands often and avoid people coughing in my face. Likewise with the internet, I’ll avoid sketchy sites, and emails and webpages asking for personal information/account numbers.

    As long as my computer/phone/media gadget is connected publicly there will always be a possibility of it getting hacked or catching a virus, but if I’m smart about it, I should be able to keep the odds extremely low to non-existent that it will. (and using an Apple product is about 90% of the being smart part!)
