Every year security-minded tinkerers get together with the latest browsers and smartphones to see how quickly they can hack them, with the promise of thousands of dollars to motivate them. It’s all part of CanSecWest, and this year Safari, Internet Explorer 8 and Firefox were all exploited while the iPhone gave up its SMS database in a Pwn2Own hacking contest.
Three different hackers took away $10,000 apiece for hacking the three browsers, despite having no physical access to the machines they were running on. While full details were not made public, the hacks generally required the user access a certain compromised website that took advantage of a hole in Apple, Microsoft or Mozilla software.
As for the iPhone, hackers Vincenzo Iozzo and Ralf Philipp Weinmann created a special website that, when visited on the Apple smartphone, automatically pulled out its SMS database. However they also claim that the same technique could be used to extract the iPhone’s contacts, email, photo gallery and iTunes media files. The pair took away $15,000 in prize money.