Skip to main content

Pwn2Own 2010 Participants Hack Firefox, Safari, iPhone & IE8

The CanSecWest security conference has witnessed the fall of two of the most popular internet browsers, Firefox and Internet Explorer 8, on the first day of the Pwn2Own hacking contest.

The two browsers were hacked on Windows 7 using previously undisclosed security vulnerabilities by Peter Vreugdenhil and the 26-year old star of last year, "Nils". In addition, Safari on MacOSX defences were also breached by Charlie Miller, a regular contestant at Pwn2Own.

It is the fourth time in as many years that all these browsers were hacked into and Miller, a principal security analyst at Independent Security Evaluators, is also expected to release a whopping 19 other zero-day OS X exploits at CanSecWest (opens in new tab).

But the star of the show were two European researchers, Vincenze Iozzo and Ralf Weinmann, who managed to circumvent the iPhone security walls and download the whole SMS database of a fully patched iPhone 3GS, the first actual hack of Apple's smartphone since 2008.

They also managed to copy contact details, music files as well as pictures and managed to do it using a specially crafted malicious webpage. Obviously, it does mean that unsuspecting users will have to access these particular pages first for the hack to happen.

The pair also won $15,000, the iPhone that they compromised as well as a trip to last Vegas. The Next Web has an excellent description (opens in new tab) of how this took place and explains that the iPhone 2.0 firmware made the smartphone even more secure.

Our Comments

CaSecWest is sponsored by Tipping Point - they actually provide the cash prizes. The latter is part of 3Com which again has been acquired by HP late last year. It actually costs them significantly to get these security experts to spend a few hours hacking well known applications than to do it by themselves.

Related Links

iPhone, IE, Firefox, Safari get stomped at hacker contest (opens in new tab)

(Theregister)

Pwn2Own 2010: iPhone hacked - as well as IE 8, Firefox and Safari (opens in new tab)

(H-online)

Researchers Show How to Remotely Steal Pics, SMS Texts From iPhone (opens in new tab)

(Dailytech)

Pwn2Own contest sees Apple iPhone, IE8, Firefox and Safari hacked (opens in new tab)

(SCMag)

Apple and Microsoft get trashed by hackers again (opens in new tab)

(TheInq)

Désiré Athow
Désiré Athow

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at ITProPortal.com where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.