Pwn2Own 2010 Participants Hack Firefox, Safari, iPhone & IE8

The CanSecWest security conference has witnessed the fall of two of the most popular internet browsers, Firefox and Internet Explorer 8, on the first day of the Pwn2Own hacking contest.

The two browsers were hacked on Windows 7 using previously undisclosed security vulnerabilities by Peter Vreugdenhil and the 26-year old star of last year, "Nils".  In addition, Safari on MacOSX defences were also breached by Charlie Miller, a regular contestant at Pwn2Own.

It is the fourth time in as many years that all these browsers were hacked into and Miller, a principal security analyst at Independent Security Evaluators, is also expected to release a whopping 19 other zero-day OS X exploits at CanSecWest.

But the star of the show were two European researchers, Vincenze Iozzo and Ralf Weinmann, who managed to circumvent the iPhone security walls and download the whole SMS database of a fully patched iPhone 3GS, the first actual hack of Apple's smartphone since 2008.

They also managed to copy contact details, music files as well as pictures and managed to do it using a specially crafted malicious webpage. Obviously, it does mean that unsuspecting users will have to access these particular pages first for the hack to happen.

The pair also won $15,000, the iPhone that they compromised as well as a trip to last Vegas. The Next Web has an excellent description of how this took place and explains that the iPhone 2.0 firmware made the smartphone even more secure.