Forgot your password?

Security Researchers Hack iPhone 4S – Claim Android & BlackBerry Easier Targets


The latest hack coming out of Pwn2Own is from EUSecWest in Amsterdam. A group of Dutch security researchers from Certified Secure decided to see how long it would take to exploit and hack an iPhone in their spare time. They completed a WebKit exploit by stringing along a zero day vulnerability along with a few other techniques to access the address book, contacts, photos, videos, and browsing history of any user who visited the website. This exploit worked in iOS 5 and the iOS 6 Gold Master beta and also works on the iPad, iPod Touch, and iPhone 4. This won them the $30,000 cash prize and they have passed the vulnerability data to Apple.

RIM is a sponsor of EUSecWest along with Microsoft and a few others. That is why I am really curious to hear RIM’s response to what the security researchers told ZDNet. The team said that the iPhone “is the most secure mobile device available on the market” and then went on to say that:

"Even the BlackBerry doesn’t have all the security features that the iPhone has. For example, BlackBerry also uses WebKit but they use an ancient version. With code signing, the sandbox, ASLR and DEP, the iPhone is much, much harder to exploit," Pol said matter-of-factly.

He reckons that the Android platform is also "much better" than BlackBerry and said the decision to go after iPhone 4S at Pwn2Own was simply aimed at going after the harder target. "We really wanted to show that it is possible, limited time, with limited resources, to exploit the hardest target. That’s the big message. No one should be doing anything of value on their mobile phone," Pol said.

Their claim that the vulnerability lies in WebKit is probably correct though I am curious what versions are in the iOS vs BlackBerry branch. I will be reaching out to RIM to see what they have to say. Until then I highly recommend checking out the full ZDNet article. Let us know what you think!

10 total comments on this postSubmit your comment!
  1. Okay, if its so easy, lets see them hit up Blackberry (7 or 10 – apples to apples after all). The proof is in the hacking.

  2. They’re only focusing on one type of attack… then claiming entire systems overall are easier or harder to hack…

  3. This is just hyperbole on the hackers part. RIMM should issue them a challenge – Bring it on!

    • RIM has been asking hackers to bring it on. It’s been several months and no takers. It would be interesting to see what these guys come up with. If they do have something it’s an opportunity to close the hole. Best to know about these hacks rather than have the bad guys taking advantage without you knowing about it.

  4. i think most importantly that RIM should keep JavaOS alive and bring it back to its original roots with the old browser, for large enterprise/governments. Get rid of webkit, sell it at a premium for high-security environments.

  5. Skeptical is all I’ll say.

  6. The only proof is in the actual hacking…
    Hack first successfully, talk later.

  7. Yeah I am skeptical too but I reached out to RIM and their BBSIRT to get their response. Hopefully will have it tomorrow.

  8. Then why is BlackBerry the only FIPS certified smartphone? That doesn’t make any sense… at all.

2 total pingbacks on this post

BlackBerry© is a registered Trademark of BlackBerry Limited. BerryReview is in no way affiliated with BlackBerry Limited though sometimes their lawyers send us love letters...

Copyright © 2007-‘2016’ BerryReview LLC