An iPhone got hacked in just 20 seconds at this week’s Pwn2Own hacking contest at CanSecWest 2010, along with Internet Explorer 8, and Apple’s Safari browser. DV Labs sponsors the annual hacking contest where if you successfully exploit a target you get to keep it along with a ZDI cash prize and related benefits. The event is spread over three days, and offers targets on multiple platforms. This year Hackers Vincenzo Iozzo and Ralf Philipp Weinmann demoed a exploit on the iphone, that allowed them to send a target iPhone to a web site that they’d set up online, and then copied the entire SMS database of the target iPhone including deleted text messages to their own server. All which was done in under 20 seconds!
They were assisted by hacker Halvar Flake, who says Apple does have some protection in place for running malicious code on the iPhone, but it doesn’t cut it. “The way they implement code-signing is too lenient.” Weinmann and Iozzo won a $15,000 cash prize and got the keep the hijacked iPhone. For a full rundown on all the events, Ryan Naraine from ZDnet has been on the scene and doing an excellent job covering the event. And for insight on how the hack works you can read it here.