Hackers Joost Pol and Daan Keuper found a vulnerability in Apple’s WebKit platform that allowed them to hijack an iPhone 4S and gain access to photos, videos, address book contacts, and even the user’s browsing history.
Pol and Keuper said
it took about three weeks to develop the hack with the purpose of determining “how much time it would take a motivated attacker to do a clean attack against your iPhone. They demoed their exploit at Pwn2Own, an annual hacking competition.
”We shredded it from our machine. The story ends here, we’re not going to use this again. It’s time to look for a new challenge,” they said in an interview, assuring paranoid users that their iPhones are safe for now.
The duo earned a $30,000 / €23,133 cash-prize for performing what they called “a clean hack,” adding that iOS remains the toughest platform to break thanks to Apple’s stringent rules of approving only the most secure software on its mobile operating system.