Researchers hack iPhone 7 with iOS 11 installed

Mobile Pwn2Own competitors break smartphone security.

Researchers have managed to break into Apple's latest iOS operating system running on the iPhone 7 and run arbitrary code on the device.

iOS 11 screenshot with rogue "KeenLab" app installed by Tencent.

In the Trend Micro-sponsored Zero Day Initiative Mobile Pwn2Own competition, participants from the security team of Chinese web services provider Tencent were able to exploit four bugs to install a rogue application by simply connecting to a Wi-Fi network.

The Tencent team were able to make the application appear on an iPhone 7 running the latest iOS 11.1 operating system and make it survive a reboot of the device. They received US$215,000 (A$280,100) for their efforts.

Another attempt at hacking an iPhone 7 earnt researcher Richard Zhu US$25,000 (A$32,600).

Zhu managed to exploit bugs in the Safari mobile web browser to escape "sandbox" or application isolation measures and run code on the device.

The Pwn2Own competitors also successfully hacked a Samsung Galaxy S8 via the built-in web browser, running their code at elevated privilege levels.

Huawei's P9 smartphone was also targeted, with the Tencent team using a stack overflow condition to run code on the baseband processor to change the IMEI unique device identifier.

Modifying the IMEI would cause wide-ranging service disruptions on telco networks if exploited in the wild.

The Zero Day Initiative said this was the first-ever baseband exploit. It requires a firmware update to fix the underlying problem.

The Tencent team earnt another US$100,000 (A$130,400) for the Huawei baseband exploit.

Copyright © iTnews.com.au. All rights reserved.