Charlie Miller Wins Again by Hacking into iPhone 4

After The French security firm Vupen hacked Safari in just a few seconds here comes a new winning story but this time hacking into iPhone 4.

Charlie Miller kept his Pwn2Own winning streak intact with another successful hack of an Apple product. This time by successfully hacking into iPhone 4 using an exploit found in Mobile Safari to swipe the address book of the compromised iPhone.

 

The attack simply required that the target iPhone surfs to a rigged web site.  On first attempt at the drive-by exploit, the iPhone browser crashed but once it was relaunched, Miller was able to hijack the entire address book.

Miller said the attack works perfectly against an iPhone running iOS 4.2.1 but will fail against the newest iOS 4.3 update. Apple has quietly added ASLR (address space layout randomization) to iOS 4.3, a key mitigation that puts up an extra roadblock for hackers.

In an interview with ZDNet, Miller said:

If you update your iPhone today, the [MobileSafari] vulnerability is still there, but the exploit won’t work. I’d have to bypass DEP and ASLR for this exploit to work.

As of 4.3, because of the new ASLR, it will be much harder.