Two European researchers, Ralf Philipp Weinmann and Vincenzo Iozzo, found vulnerability in iPhone and successfully managed to hijack the SMS database.
These two guys showcased their talent in CanSecWest Pwn2Own hacking contest and won a $15,000 grand prize. Researchers took less than 20 seconds to retrieve previously deleted messages from entire database.
Weinmann has explained the process, but refused to reveal the details of this unknown vulnerability in the public.
Here’s what he has said:
Basically, every page that the user visits on our [rigged] site will grab the SMS database and upload it to a server we control.
Contest sponsors will now submit the details of this vulnerability to Apple so that they can fix the issues. Apple might release a security patch in next iPhone firmware upgrade.
Such vulnerabilities could easily leak important and sensitive data from user’s phone. Of course, this is not the first case of iPhone hacking; iPhone hackers are doing it on regular basis. It’s our responsibility to implement precautionary measures in this situation.
[via ZDNet]