Pwn2Own 2010 Participants Hack Firefox, Safari, iPhone & IE8

The CanSecWest security conference has witnessed the fall of two of the most popular internet browsers, Firefox and Internet Explorer 8, on the first day of the Pwn2Own hacking contest.

The two browsers were hacked on Windows 7 using previously undisclosed security vulnerabilities by Peter Vreugdenhil and the 26-year old star of last year, "Nils". In addition, Safari on MacOSX defences were also breached by Charlie Miller, a regular contestant at Pwn2Own.

It is the fourth time in as many years that all these browsers were hacked into and Miller, a principal security analyst at Independent Security Evaluators, is also expected to release a whopping 19 other zero-day OS X exploits at CanSecWest.

But the star of the show were two European researchers, Vincenze Iozzo and Ralf Weinmann, who managed to circumvent the iPhone security walls and download the whole SMS database of a fully patched iPhone 3GS, the first actual hack of Apple's smartphone since 2008.

They also managed to copy contact details, music files as well as pictures and managed to do it using a specially crafted malicious webpage. Obviously, it does mean that unsuspecting users will have to access these particular pages first for the hack to happen.

The pair also won $15,000, the iPhone that they compromised as well as a trip to last Vegas. The Next Web has an excellent description of how this took place and explains that the iPhone 2.0 firmware made the smartphone even more secure.

Our Comments

CaSecWest is sponsored by Tipping Point - they actually provide the cash prizes. The latter is part of 3Com which again has been acquired by HP late last year. It actually costs them significantly to get these security experts to spend a few hours hacking well known applications than to do it by themselves.

Related Links

iPhone, IE, Firefox, Safari get stomped at hacker contest

(Theregister)

Pwn2Own 2010: iPhone hacked - as well as IE 8, Firefox and Safari

(H-online)

Researchers Show How to Remotely Steal Pics, SMS Texts From iPhone

(Dailytech)

Pwn2Own contest sees Apple iPhone, IE8, Firefox and Safari hacked

(SCMag)

Apple and Microsoft get trashed by hackers again

(TheInq)