Hacker Conquer Blackberry Torch and Iphone 4

Hacker Conquer Blackberry Torch and Iphone 4, In the hands of hackers, Apple iPhone and BlackBerry 4 Torch made ​​by Research In Motion (RIM) was still uprooted security system. The hackers who participated in the contest Pwn2Own in Vancouver, Canada, 9-11 March 2011, he managed to conquer the two smartphones.

Three researchers with the name of the Anon team managed to penetrate the security system via BlackBerry Torch found many flaws in the browser's WebKit rendering engine or trunk. They managed to smuggle a program to prove to them by exploiting some weakness is to steal a list of contacts and image databases.

Despite many shortcomings, not easily penetrate the BlackBerry. This is because there is no documentation for the public about the operating system. Therefore, hackers have to do trial and error techniques to try to penetrate.

Webkit is one part of the potential targets. Torch BlackBerry is the first BlackBerry device that uses WebKit in the browser .. However, the browser is still not finished overcome spatial randomization (ASLR) and Data execution prevention (DEP) by Iozzo, although still somewhat of an iPhone from the security side, the closure of a constraint BlackBerry own.

"It would be difficult to attack the system if you do not have the documentation and information," said Iozzo. The fourth attack the iPhone, hackers also exploit weaknesses in the mobile version of Safari browser. Charlie Miller, security researchers from Independent Security Evaluators Blazakis Dion and his colleagues, managed to smuggle a program to steal contacts list. It uses the return-oriented programming techniques (ROP) with DEP bypass.

Target of the attack is 4 iPhone that uses the IOS operating system 4.2. In the latest IOS version 4.3, the vulnerability is still not fixed. However, additional ASLR may be able to resist the techniques used to attack.

"However, only need slight modifications to penetrate the security layer and the device is still vulnerable from attack until MobileSafari patched," said Miller. Three researchers, namely Vincenzo Iozzo, Willem Pinckaers, and Ralf Phillip Weinmann, reserves the right to steal the prize U.S. $ 15,000 and the tools to conquer it. The same thing for the team led by Miller.

Until the contest ended, the two other systems, Android 2.3 running on the Samsung Nexus S and Windows Phone Pro 7 on a Dell Place not yet penetrated. However, this is not because the security level managed to survive, but because there is no menjajalnya participants.

For the contest to break the browser, Chrome and Firefox 3.6 only 9 survivors of the attack. Safari and Internet Explorer 8 successfully conquered by hackers since the first day.