Apple iPhone Hacked – SMS Database can get Hijacked

Hackers (or researchers, as they prefer to be known) have successfully hacked a fully patched Apple iPhone and found a way to copy the entire SMS database, including previously deleted text messages.

The team, made up of Vincenzo Iozzo and Ralf-Philipp Weinmann, created a website rigged with malicious code. Once a user of a fully patched Apple iPhone [AAPL] browses to the site, the site is able to copy the contents of the SMS database within about 20 seconds of the page being viewed.

Right now, visiting their special website would crash your browser, but the team says that with a few more weeks of work it could run the attack without the browser crashing.

“Basically, every page that the user visits on our [rigged] site will grab the SMS database and upload it to a server we control,” Weinmann explained. Iozzo, who had flight problems, was not on hand to enjoy the glory of being the first to hijack an iPhone at the Pwn2Own challenge.

Apple does its best to lock down these vulnerabilities, but as with all things it is impossible to clamp security down so tightly that no one can break in. There is always some part of the code that can be exploited, as demonstrated here.

The payload used chained return-into-libc (“return oriented programming”) on ARM to execute in spite of code signing. As far as we know, this is the first public demonstration of chained return-into-libc on the ARM platform.

Not only could this hack take the SMS database, but if configured to do so it could also steal the contact list, along with photos, music and emails.

Other than discussing a non-root user called “mobile” that allowed them to do certain things, the team decided not to comment, as the information has been passed on to a security company that will not release the details until Apple releases a security patch.
