The Pwn2Own contest took place for this year at the CanSecWest security conference held on March 24th 2010. The aim of this contest is to call hackers looking for vulnerabilities in browsers and operating systems and exploit them. Τhis year is more interest due to the fact that has increased the pecuniary rewards for hacking computers and smart-phones. Last year were not given the rewards for smart-phones while no-one it could not attack them.
One of those smart-phones is the iPhone 3GS and hacked by Vincenzo Iozzo and Ralf Philipp Weinmann, by using an exploit against to an unknown vulnerability and a web server. They accomplished to exfiltrate the entire SMS database in about 20 seconds.
At the web server was written some code, so every visit from the browser of iPhone has the result to steals the SMS database from the phone. In order to achieve this result, they chained existing code bits in a technique commonly known as return-into-libc ” or “return-oriented-programming”.
