Vincenzo Iozzo and Ralf-Philipp Weinmann spent 20 seconds yesterday on the first day of Pwn2Own “hacker” conference in Canada, to hack an iPhone and steal all the text messages (SMS) in the phone, including sent, received and even deleted messages.
They also said it was possible to get your contacts, e-mails and pictures, using the same hacking method.
So, how was it done? Very simple, actually. They just have to get the iPhone to visit a webpage which will exploit a bug in Safari and that way they gain access to the system via a user called “mobile” that has permissions to read text messages.
By doing this, Vincenzo and Ralf-Philipp won $15,000 and got the keep the iPhone, hence the name “Pwn2Own”.
Last year, nobody managed to hack a smartphone. This year, iPhone and Nokia E72 has been beaten so far. Blackberry and Nexus One are still “safe”, but the Pwn2Own conference is not over yet.