Charlie Miller Wins At Pwn2Own Conference Again By Hacking iPhone 4

Posted Mar 11, 2011

At the Pwn2Own computer hacking contest held at the annual CanSecWest security conference, Charlie Miller has won another award for successfully hacking the iPhone 4. Miller used a flaw in the mobile version of Safari to swipe the address book from the phone.

Miller surfed to a rigged website on a mobile version of Safari and tried to do a drive-by exploit. The iPhone browser had crashed, but once it relaunched Miller could hijack the address book from the phone. This hack works on iOS 4.2.1, but won’t work on iOS 4.3. Apple added ASLR (address space layout randomization) to iOS 4.3 which means that hackers will have a hard time penetrating the system.

In 2007, Miller broke into a patched iPhone using a vulnerability in Safari. The hacked iPhone Safari browser was able to read SMS messages, the address book, call history, and voicemail data.

[ZDNet]