Friday, March 11, 2011

Charlie Miller Wins Pwn2Own 2011 Contest for Hacking iPhone 4!

Oops! He did it again! Charlie Miller, known for exploiting Safari browser for the past 3 years, have ripped apart iPhone 4 security today at Pwn2Own 2011 hacking contest at Vancouver. This genius won the contest for the 4th time consecutively.
Image Courtesy: ZDNet
The attack simply required that the target iPhone surfs to a rigged web site.  On first attempt at the drive-by exploit, the iPhone browser crashed but once it was relaunched, Miller was able to hijack the entire address book. Miller partnered with colleague Dion Blazakis to successfully exploit the Apple device using a MobileSafari flaw to swipe the iPhone 4′s address book. After winning, Dion tweeted:
@0xcharlie @dancaselden and I won the iPhone PWN2OWN. What a pain in the ass — glad it wasn’t iOS 4.3 (vuln still there, tho) :)
Interestingly, iPhone 4 test device was not running final iOS 4.3 build (most likely it was GM). Even though it was 4.3, it was exploitable as thevulnerability still exists.
After winning they have pocketed a cash prize of $15,000 USD, the device itself, and 20,000 ZDI reward points which immediately qualifies them for Silver standing that includes a one-time $5,000 USD cash payment, 15% monetary bonus on all ZDI submissions in 2011, 25% reward point bonus on all ZDI submissions in 2011 and paid travel and registration to attend the DEFCON Conference in Las Vegas. via ZDNet
We will bring you more news from 5th Pwn2Own hacking contest.