iPhone, Safari, IE 8, Firefox hacked in CanSecWest contest

Researchers on Wednesday demonstrated that they could hack a non-jailbroken iPhone, Safari running on Snow Leopard, and Internet Explorer 8 and Firefox on Windows 7 as part of the annual Pwn2Own contest at the CanSecWest security show here.

Charlie Miller, principal security analyst at Independent Security Evaluators, won $10,000 after hacking Safari on a MacBook Pro without having physical access to the machine. Miller won $5,000 last year by exploiting a hole in Safari, and in 2008 nabbed $10,000 hacking a MacBook Air, all on the same computer.

Peter Vreugdenhil, an independent security researcher from the Netherlands, will receive $10,000 for using his exploit to bypass security features in IE 8.

Also winning $10,000 was Nils, head of research at UK-based MWR InfoSecurity, who targeted Firefox on 64-bit Windows 7. He declined to provide his last name. As a computer science student at the University of Oldenburg in Germany last year, he won $15,000 for exploits he demonstrated in IE 8, Safari, and Firefox.

And finally, Ralf Philipp Weinmann, of the University of Luxembourg, and Vincenzo Iozzo, of German company Zynamics, hacked the iPhone and will share the $15,000 prize. Because Iozzo was delayed en route to the contest, his Zynamics colleague Thomas Dullien, better known as Halvar Flake in the security community, served as his proxy, organizers of the contest sponsored by TippingPoint's Zero Day Initiative said.

Miller declined to provide details on his exploit, but said the target computer was compromised after visiting a Web site hosting the malicious code.

"I got an interactive shell (interface) on his box so I could run any commands I want," he said. "He had no idea and his machine was totally patched."

Miller wrote the exploit in less than a week. "It was very reliable," he said. "Some researchers say it's 'weaponized,' which means it always works."

To hack IE 8, Vreugdenhil said he exploited two vulnerabilities in a four-part attack that involved bypassing ASLR (Address Space Layout Randomization) and evading DEP (Data Execution Prevention), which are designed to help stop attacks on the browser. As in the other attacks, the system was compromised when the browser visited a Web site hosting the attack code. The exploit gave him user rights on the targeted computer, which he demonstrated by running the calculator on the machine.

Nils said he exploited a memory corruption vulnerability and also had to bypass ASLR and DEP as a result of a weakness in Mozilla's implementation. "It's Mozilla's turn to fix this," he said. "If properly used, they can be good mitigators."

He said it took him only a few days to write the exploit, which was created to run the Windows calculator for the demo. But "I could have started any process," he said.

Asked to comment on the researchers' ability to bypass ASLR and DEP, a Microsoft representative said the company would investigate the vulnerabilities. "We're not aware right now of any attacks taking place," said Pete LePage, an IE product manager.

For the iPhone contest, Iozzo and Weinmann wrote an exploit in about two weeks that was designed to steal the contents of the SMS database on an iPhone.

To accomplish the attack, the target iPhone was used to visit a Web site hosting exploit code. "The payload executes and uploads the local SMS database of the phone to the server we control," said Weinmann.

The exploit was written to bypass the digital code signatures used on the iPhone to verify that the code in memory is from Apple, he said. The exploit then looked for chunks in Apple's code that could be pieced together to accomplish the attack, according to Weinmann.

"Bypassing the code signing was a major issue," Flake said. The technique used has been known since 1997 but has not been used on an ARM processor until now, he added.

While the attack was used to grab just the SMS data, which would include deleted messages, it could be designed to access contacts, photos, and other data on the iPhone, and without the user having any idea an attack was underway, the researchers said.

TippingPoint shares information on the exploits with the affected vendors so they can work on patches.

Source: CNET