Hacking the iPhone, Safari, Firefox and IE8 is easy; at least it was for researchers at the annual Pwn2Own contest at the CanSecWest security conference in Vancouver.
The participants demonstrated their skills, showing they could easily hack each of these targets without having physical access to the computer.
At the CanSecWest hacking contest, Charlie Miller, a principal security analyst at Independent Security Evaluators, was successful in hacking Safari on a MacBook Pro and won $10,000. The previous year, he had won $5,000 by exploiting a hole in Safari. He has even hacked a MacBook Air.
Other participants with achievements to their credit included Peter Vreugdenhil, an independent security researcher from the Netherlands, who gained access to the security features in IE 8 and won $10,000; Nils, head of research at UK-based MWR InfoSecurity, who was able to hack Firefox; and Ralf Philipp Weinmann of the University of Luxembourg and Vincenzo Iozzo of German company Zynamics, who were able to breach the iPhone codes.
The two will share the prize money worth $15,000 for iPhone hacking. Weinmann said, “The payload executes and uploads the local SMS database of the phone to the server we control.”
Because Iozzo was late for the contest, Thomas Dullien, alias Halvar Flake, his Zynamics colleague, served as his proxy and said, “Bypassing the code signing was a major issue,” adding that the technique they employed had been known since 1997 but never tried on an ARM processor.
Miller, who hacked Safari on a MacBook Pro, did not provide details of his exploits, but said,
“I got an interactive shell (interface) on his box so I could run any commands I want. He had no idea and his machine was totally patched. It was very reliable. Some researchers say it’s ‘weaponized,’ which means it always works.”
Vreugdenhil, who hacked IE8, said he bypassed ASLR (Address Space Layout Randomization) and evaded DEP (Data Execution Prevention), both of which are designed to prevent attacks on the browser.
Vincenzo Iozzo now has user rights on the computer he had targeted to demonstrate his hacking skills.
A Microsoft representative there said that the company would investigate the “vulnerabilities” and how ASLR and DEP could be bypassed. Pete LePage, an IE product manager, said, “We’re not aware right now of any attacks taking place.”