“The annual CanSecWest PWN2OWN hacking contest has done it again and provided us news types with the perfect headline writing opportunity as the Apple iPhone falls to the hackers in just 20 seconds,” Davey Winder reports for DaniWeb. “The hackers in question, Vincenzo Iozzo and Ralf Weinmann, picked up the prize of $15,000 and an iPhone for being the first to launch a successful attack on the smartphone in Vancouver.”
MacDailyNews Take: Hackers in such contests pick Apple products to attack first in order to maximize publicity. Then they knock off lesser products that nobody cares about. The fact that hacking Apple is so lusted after, combined with the fact that zero self-propagating viruses have ever successfully attacked Mac OS X users in the wild — in over 9 years, no less — speaks volumes.
Winder reports, “It took a little longer than 20 seconds to run that previously unknown hack attack using the Safari browser on the iPhone which allowed the SMS messages on the device, including those which had been previously deleted, to be sent to a remote server. How much longer? How does a couple of weeks of preparation sound?”
“Yes, for this SMS database hacking attack to work you need a user to be stupid at a website beforehand but that’s par for the insecurity cause,” Winder reports. “The worrying thing, I would say, is that the hackers demonstrated it was relatively easy to bypass Apple code-signing routines and exploit non-root user privileges in the first place. Especially as we are not talking about previously jailbroken devices here as the PWN2OWN contest rules insist that only unmodified iPhones can be used.”
Full article here.
MacDailyNews Take: As always, thanks to anyone who finds and privately discloses security issues to Apple for the company to fix. This improves the security of Apple products. Too bad it generates tons of horribly overblown media hype in the process.