Two hackers named Ralph Phillip Weinmann and Vincenzo Iozzo secured a prize of $15,000 by hacking iPhone in just 20 seconds at Pwn2Own contest. The hackers found a secure flaw in the iPhone using which they hacked the SMS database in the iPhone. Hackers pointed iPhone browser to a web containing exploit code, and the whole SMS database from iPhone was uploaded to the server where the exploit code existed.
While the attack was used to grab just the SMS data, which would include deleted messages, it could be designed to access contacts, photos, and other data on the iPhone, and without the user having any idea an attack was underway, the hackers said.
It’s a technique similar to that used in jailbreaking iPhone OS 1.x. In OS 1.x days, user simply needed to point his browser to a web and know what! user had a jailbroken iPhone. There are possibilities of taking advantage of recent security flaw and developing an over the air jailbreak for iPhone similar to that of OS 1.x.
But Apple is not going to sit around waiting for a hacker to take advantage of the loop hole. Most probably Apple is already working to patch the flaw. So, we can expect a new firmware update soon… may be firmware 3.1.4 or firmware 3.2.
iPhone Dev-Team member Musclenerd has also warned iPhone users via twitter:
Userland exploits affect security for all iPhones so expect Apple to close these as soon as they can. JBers avoid updates
If you’re looking for iPhone jailbreak, we have comprehensive guides on jailbreaking iPhone 3GS, 3G, 2G running iPhone OS 3.1.3 using RedSn0w, Sn0wbreeze and PwnageTool. You can jailbreak iPod Touch using our guides on RedSn0w 0.9.4, Sn0wbreeze and PwnageTool 3.1.5. and unlock using BlackSn0w and UltraSn0w.
iPad OS 3.2 GM is available now..
You may also be interested in: