Dutch hackers discover iOS exploit that may be present in iPhone 5
How long would it take a determined attacker to hack into Apple's iPhone device from scratch?
That was the intellectual challenge that drove a pair of Dutch researchers to start looking for an exploitable software vulnerability that would allow them to hijack the address book, photos, videos and browsing history from a fully patched iPhone 4S. The hack, which netted a $30,000 cash prize at the mobile Pwn2Own contest here, exploited a WebKit vulnerability to launch a drive-by download when the target device simply surfs to a booby-trapped web site.
"It took about three weeks, starting from scratch, and we were only working on our private time," says Joost Pol (photo left), CEO of Certified Secure, a nine-person research outfit based in The Hague. Pol and his colleague Daan Keuper used code auditing techniques to ferret out the WebKit bug and then spent most of the three weeks chaining multiple clever techniques to get a "clean, working exploit."
- Mon, 2012-12-03 01:50
- Mon, 2012-06-18 06:09
- Fri, 2012-05-25 14:54