- Jan 24, 2011
- 9,378
BlackBerry OS fell during the second day of the Pwn2Own hacking competition as a result of a drive-by download attack that chained together several exploits.
The trio that managed to hack RIM's mobile operating system, Vincenzo Iozzo, Willem Pinckaers and Ralf Philipp Weinmann, exploited two vulnerabilities in the open-source WebKit layout engine in order to do it.
The attack was launched from a specially crafted web page that stole information like contacts and images from the device and also wrote a file to the storage system.
The hackers chained together an exploit for an information disclosure bug and one for an integer overflow vulnerability, but what's most impressive is that they did it without any documentation.
They didn't have access to any debugging tool, like the ones available for other systems, that could have helped them determine how the attack code interacts with the system. Instead, they had to rely on exploiting a separate bug to read the device's memory.
"The BlackBerry is a system no one knows anything about. We know there’s a browser and a Java virtual machine. We had to assume that once we take over the browser, we can get further into the system," Vincenzo Iozzo told ZDNet.
More details - link
The trio that managed to hack RIM's mobile operating system, Vincenzo Iozzo, Willem Pinckaers and Ralf Philipp Weinmann, exploited two vulnerabilities in the open-source WebKit layout engine in order to do it.
The attack was launched from a specially crafted web page that stole information like contacts and images from the device and also wrote a file to the storage system.
The hackers chained together an exploit for an information disclosure bug and one for an integer overflow vulnerability, but what's most impressive is that they did it without any documentation.
They didn't have access to any debugging tool, like the ones available for other systems, that could have helped them determine how the attack code interacts with the system. Instead, they had to rely on exploiting a separate bug to read the device's memory.
"The BlackBerry is a system no one knows anything about. We know there’s a browser and a Java virtual machine. We had to assume that once we take over the browser, we can get further into the system," Vincenzo Iozzo told ZDNet.
More details - link
