Apple iPhone 4 and the BlackBerry Torch made by Research In Motion (RIM) appeared to still be hacked security system. The hackers who participated in the contest Pwn2Own in Vancouver.
To attack the iPhone 4, the hackers also exploit weaknesses in the mobile version of Safari browser. Charlie Miller, a security researchers from Independent Security Evaluators Blazakis Dion and his colleagues, managed to smuggle a program to steal contacts list. It uses the technique of return-oriented programming (ROP) with DEP bypass.
Target of the attack was the iPhone 4 that use the IOS operating system 4.2. In the latest IOS version 4.3, the vulnerability is still not fixed. However, additional ASLR may be able to resist the techniques used to attack.
The three researchers, namely Vincenzo Iozzo, Willem Pinckaers, and Ralf Phillip Weinmann, is entitled to steal U.S. $ 15,000 prize and devices that conquered it. The same thing for the team led by Miller.
Three researchers with the name Team Anon successfully penetrate the security system via BlackBerry Torch found many weaknesses in the browser rendering engine Webkit or luggage. They managed to smuggle the program proved to them by exploiting a number of weaknesses were to steal contact lists and databases of images.
Until the contest ended, the two other systems, Android 2.3 running on the Samsung Nexus S and Windows Phone Pro 7 on Dell Venue yet to be penetrated. However, this is not because the level of security managed to survive, but because no participants try.
For the contest to break the browser, Chrome is only 9 and Firefox 3.6 that survive from the attack. Safari and Internet Explorer 8 successfully conquered hackers from day one.
