iPhone 4S, Samsung Galaxy S3 hacked in contest

Researchers demonstrate how to remotely attack the mobile devices as part of mobile Pwn2Own contest at security conference.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
Elinor Mills

Dutch and British hackers compromised an iPhone 4S and a Samsung Galaxy S3, respectively, in separate gambits as part of a mobile Pwn2Own contest at a security conference in Amsterdam this week.

Joost Pol, chief executive officer of Dutch research firm Certified Secure, and colleague Daan Keuper created an exploit that allowed them to hijack the address book, photos, browsing history and videos from a fully patched iPhone 4S at the EuSecWest conference, according to CNET sister site ZDNet. And that effort has implications for Apple's new iPhone 5.

"We specifically chose this one because it was present in iOS 6 which means the new iPhone coming out [this week] will be vulnerable to this attack," Pol said, adding that the exploit also works on the iPad, iPhone 4 and iPod Touch. Despite that, he says the iPhone is the most secure mobile device on the market.

Meanwhile, a team from U.K.-based MWR Labs beamed a malicious file via NFC (near-field communications) technology to a Samsung Galaxy S3 running Android 4.0.4 that exploited a previously unknown vulnerability in the document viewer in the operating system, and then gained full access to the data via another unknown hole, according to another ZDNet report. The attack could also be accomplished by sending a target malicious e-mail attachments or URLs instead of using NFC.

Both winning teams will receive a $30,000 cash prize.

We've reached out to Apple, Google and Samsung seeking comment and will update this story when we hear back.