iPhone's SMS Database Can Be Hijacked in 20 Seconds

Illustration for article titled iPhone's SMS Database Can Be Hijacked in 20 Seconds

As part of the Pwn2Own 2010 hacking contest, Vincenzo Iozzo and Ralf Philipp Weinmann created an exploit which allows them to hijack fully-patched iPhones' SMS databases—right down to deleted messages—simply by luring users to a "rigged" website.

Advertisement

Aside from hijacking entire SMS databases in about 20 seconds, the exploit could potentially also be used to "exfiltrated the phone contact list, photographs and iTunes music files." All that by simply having a user visit a specific website and without ever needing to leave the iPhone sandbox.

Iozzo and Weinmann received $15,000 for writing this contest-winning exploit, but no details of the hack will be released until Apple has been notified and is able to patch the vulnerability. [ZDNET]

DISCUSSION

benguin-the-albatross-old
Benguin the Albatross

On the topic of iPhone/Mac vulnerability, I would like to know the following:

1) How many Apple fans actually believe their systems are impenetrable?

2) How many Apple haters think that all Apple fans actually believe their systems are impenetrable?

As an Apple user, I am of the belief that my system is more secure but only for a lack of trying. Not because OS X is some kind of magical uber operating system, just because nobody has really made the attempt.