iPhone 4S And Galaxy S III Exploited At Pwn2Own Contest; Photos, Contacts And Other Info Compromised
Most of us – when shopping for a new mobile device – look for features like a fast processor, decent display resolution, respectable battery life and a reasonable camera. However, two common interests shared by all smartphone and tablet users are privacy and security, since nobody wants their private business invaded or sensitive information, such as banking or work data, compromised.
Amsterdam was the venue of this year’s Pwn2Own contest, in which participating security experts from all over the world are challenged to exploit some of our favorite gadgets and applications. The rules state one can only utilize previously unknown vulnerabilities, and winners of the contest receive a sizeable cash prize.
This year, a pair of Dutch researchers discovered – and demonstrated – vulnerabilities within iOS that let them take control of the address book, photos, videos and browsing history of an untouched iPhone 4S running iOS 5 and 6. A WebKit vulnerability allowed the pair to launch a drive-by download, and the only prerequisite was that the device in question navigated to a specially rigged web page.
Joost Pol, CEO of Certified Secure and one half of the $30,000-scooping double-act, said it took about three weeks of planning, and both he and colleague Daan Keuper used special code auditing techniques to eventually pinpoint the WebKit bug. Finding the bug was the easy bit, noted Pol in an interview, for the pair then spent the majority of the three weeks piecing the feat together in order to portray a “clean, working exploit.”
The vulnerability gave access to the address book, photos, videos and browsing history, although both SMS and e-mail were found to be inaccessible and encrypted.
The iPhone 4S wasn’t the only device that got compromised; the Galaxy S III also joined the party. A security firm that goes by the name of MWR Labs demonstrated that a Galaxy S III can be compromised by placing two NFC-enabled Galaxy S IIIs next to each other. NFC is used to transfer the exploit, which in turn gives full root access to the user. Doesn’t sound pretty if you’ve been planning on getting a device with NFC on-board.
Although the workings of Pol and Keuper make something of a mockery of Apple’s security system, the pair have declared the Cupertino company’s iPhone to be the most secure mobile device on the market. Clarifying, Pol said:
“Even the BlackBerry doesn’t have all the security features that the iPhone has. For example, BlackBerry also uses WebKit but they use an ancient version. With code signing, the sandbox, ASLR and DEP, the iPhone is much, much harder to exploit.”
So, why did they go after the hardest target? The message is simple: nobody should do “anything of value” on their mobile device.
The exploit was immediately destroyed following the Pwn2Own demo. Thankfully, only Apple has been notified about it with all the details. Expect it to be patched in the next iOS update, whenever that is released.