This article was published on September 19, 2012

Dutch security researchers hack Apple iPhone 4S by exploiting Safari in iOS 5 and iOS 6


Dutch security researchers hack Apple iPhone 4S by exploiting Safari in iOS 5 and iOS 6

The Samsung Galaxy S 3 wasn’t the only device to fall to hackers in Amsterdam today. The Mobile Pwn2Own contest at the EuSecWest Conference had another big winner: a Dutch team from Certified Secure that took down the iPhone 4S on Wednesday by exploiting the Safari mobile browser, according to ZDNet.

The hack has been confirmed to work on the Apple iPad, iPhone 4, and the iPod touch (all previous versions). To make matters worse, the attack works not only on iOS 5.1.1, but also iOS 6 (Gold master). This means it the new iPhone 5 is almost certainly affected as well.

The security researchers used a malicious webpage to send the iPhone 4S’ address book, browsing history, photos, and videos to a server of their choice. It was a drive-by download attack, meaning the user just has to go to the website, but doesn’t have to click (err, tap) on anything to have their data stolen. Furthermore, the site does not crash the browser, so the user is oblivious to losing their data.

The WebKit browser exploit circumvents the security mechanisms in Safari, the flaw for which was discovered when the security researchers asked themselves how long it would take to hack into Apple’s latest iPhone without using any previously known security holes. They used multiple techniques to get an exploit that kept the user unaware of what was happening, but it all started with a single 0day bug to sidestep Apple’s security systems in iOS.

The <3 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

“It took about three weeks, starting from scratch, and we were only working on our private time,” Certified Secure CEO Joost Pol told ZDNet. “We really wanted to see how much time it would take a motivated attacker to do a clean attack against your iPhone. For me, that was the motivation. The easy part was finding the WebKit zero-day.”

Technical details were not disclosed, however, as the researchers don’t want the flaw to land in the hands of cyber criminals. In the meantime, they picked up $30,000 for their hack, and details of the security hole were sent to Apple. You can expect Cupertino to patch this one in the next version of iOS.

Image credit: stock.xchng

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with


Published
Back to top