iPhone Hackers Win $300K

A white hat hacking team has won a life-changing amount of money for completing the world's first public remote jailbreak of the iPhone 13 Pro.

The feat was performed over the weekend at the fourth annual Tianfu Cup, an international cybersecurity competition held in Chengdu in the People's Republic of China. The event offers big cash prizes to cybersecurity researchers who can demonstrate their ability to get around the digital defenses of consumer software and devices.

During the Cup, Apple's newest iPhone, running the latest and fully patched iOS 15.0.2, was reportedly hacked twice. 

The first hack was demonstrated live on stage by the Kunlan Lab team. It was achieved in fifteen seconds by exploiting a remote code execution vulnerability.

Another team at the Tianfu Cup that managed to hack into Apple's latest iPhone was Team Pangu. This team claimed the top prize in the competition for remotely jailbreaking a fully patched iPhone 13 Pro running iOS 15. 

According to Forbes, the details of how Team Pangu achieved the hack have not been publicized. But reports suggest that when a user clicked on a link forged by the team, the Safari web browser was triggered. 

The team was then able to bypass the browser's protection mechanism and exploit multiple iOS15 kernel vulnerabilities to access the iPhone's contents. 

The hacking team accessed apps and photo albums and directly deleted data on the iPhone and executed other commands.

Three tiers of prizes were up for grabs by teams that hacked the iPhone 13 Pro. A team that broke in using remote code execution could win $120,000, while remote code execution with a sandbox escape could earn the competing team $180,000. For the remote jailbreak, the trickiest feat to pull off, the cash prize was a whopping $300,000.

Other hacking targets featured in the competition included remote code execution attacks against Safari running on both Intel and Apple Silicon MacBook Pro models, the multi-functional Network-Attached Storage server Synology NAS, a Xiaomi Mi 11 smartphone, and Windows 10 and Google Chrome running on notebooks.

What’s Hot on Infosecurity Magazine?