Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.
03-25-2010, 02:44 AM #1
Hacker Victory Declared at Pwn2Own Hacking Contest
Here's how it all went down at the fourth annual Pwn2Own hacking contest in Vancouver last night. The iPhone fell. And from the looks of it, the Apple device hardly even put up a fight. And on Wednesday, the Pwn2Own hacker contest resulted in Vincenzo Iozzo and Ralf Weinmann winning $15,000 for their mad hacking skills.
Highlighting the kind of behavior that keeps internet security experts awake at night, the hack attack in question came on the very first day of the contest - hardly enough time to work up a good sweat. This is the fourth consecutive year that the platforms on display were targeted by hackers, although this year's efforts were arguably the most impressive in contest history. Last year, the iPhone was not successfully hacked.
Iozzo and Ralf Weinmann created what's being called an "undisclosed attack" on the iPhone's mobile Safari browser. Essentially, they cooked up a website that made a visiting iPhone dump a copy of its SMS database. Hacker Charlie Miller (the first to hack the iPhone three years ago) was quoted in various online media reports calling this hack the first "fully functioning" iPhone attack since the 2008 release of the device's second version.
The Pwn2Own contest, which is reviled by some and revered by others, handsomely rewards (with cash and prizes) hackers for their exploit code. A total of $100,000 in prizes is on the line this year... and there are plenty of hackers returning to the stage and some angling for the first time to make a name for themselves at an event that is tantamount to the Superbowl for hackers.
Still on tap for the three-day hack fest are: MacBook Pro, Internet Explorer, Google's Chrome browser, Firefox, BlackBerry, a Nexus One and a Nokia E72.
Image via MaximumPC
The Following User Says Thank You to Michael Essany For This Useful Post:
03-25-2010, 03:03 AM #2
Can I have some of that money??? PLEASE...
03-25-2010, 03:10 AM #3
Stop using Safari! They might get your TEXT MESSAGES!
What the hell would a hacker want with my text messages? Oh noes! He's reading about how much I hate the fact I have to wake up at 5am for work!
What good would the normal person's text messages do them? Most people don't send their credit cards, or passwords by text message.
I'd hate to be whoever has to sift through the millions of text messages looking for something that probably isn't there.
The Following User Says Thank You to shadow25 For This Useful Post:
03-25-2010, 03:17 AM #4
As I've just said in the members news thread - Apple will patch this so one less exploit for us to use.
It could have proved very useful if they'd told the JB community rather than Apple.
Last edited by confucious; 03-25-2010 at 03:17 AM. Reason: Automerged DoublepostHe who asks a question looks foolish for 5 minutes. He who doesn't ask a question remains foolish forever.
03-25-2010, 04:23 AM #5
03-25-2010, 05:52 AM #6
maybe they could use this for th 3.1.3 jailbreak that everyones been crying about. the exploits gonna get burned anyway by the time 3.2/4.0 hits but at least it could be used in the meantime. AND its userland, which hasnt been around since 1.1.x...this jailbreak would be even quicker than blackra1nWanna-be coder/iphone user since '08
03-25-2010, 06:03 AM #7
Except, apart from those that did it, the only people who will be told the details are Apple....He who asks a question looks foolish for 5 minutes. He who doesn't ask a question remains foolish forever.
03-25-2010, 07:31 AM #8
Don't think windows is any better because they are not. What I dislike about my MB is that i have a piece of blue tape covering my webcam because if they can get into safari, preview, and office whos stopping them from viewing your cam? it is always faced at you, those are about some of the only programs i do use regularly. And how am i supposed to know im safe. Really just dont be stupid think for yourself for a min. If some random guy can break into safari plus indcluding all the people that made safari and the glitch they probably made to access w/e they want to though the internet. so really do i care safari got hacked? or that Mac osx has major security flaws. I think we are all f**ked soon enough when we start seeing viruses.
03-25-2010, 07:37 AM #9
If you had an exploit and you had a choice between $15000 and releasing it to the community? Lets be honest, most people would choose the 15k. And by doing so, the exploit gets sent to Apple, so your outta luck people.
03-25-2010, 07:37 AM #10
03-25-2010, 07:48 AM #11
Not necessarily out f luck though. If they go responsible disclosure 'rules' then they'll inform apple and leave enough time for them to fix it before making it public. It should still go public and anyone who hasn't installed apples fix will be able to use it.
I personally would prefer if it didn't, not for my benefit but it'll get a lot of abuse no doubt once it does.. All you have to do it buld a decent payload and have an admob account.. instant access to nearly all iphones out there.
I guess $15,000 is fair for this exploit. If it were sold to someone with ill intentions they'd have paid a lot more.
03-25-2010, 07:48 AM #12
true... i have hacked into various computers via metasploit and when i get access I have used stealthy VNC to see if they have a webcam program.... I have turned it on and been able to see them hahaha.... this only really cant be detected if they have one of those webcams without the light.... if they have a laptop or a devices that has a light then they are most likly retarded lol and just dont notice that the webcam light is on.
03-25-2010, 08:31 AM #13
03-25-2010, 09:13 AM #14
@Messany- I already posted this in the user news section...
03-25-2010, 10:54 AM #15
IMHO, having an exploit like this out in the public would far outweigh the benefits of being able to jailbreak such a worthless firmware revision as 3.1.3.
03-25-2010, 11:16 AM #16
15k for a exploit?? who paid that? Apple?
03-25-2010, 04:07 PM #17
so did at&t get hacked today? cuz they are having MAJOR system wide problems. no service, no data...
03-25-2010, 04:52 PM #18
Ohh...that why Tiger Wood got hack.......
03-25-2010, 07:11 PM #19
03-25-2010, 11:28 PM #20