Chinese hackers who hacked the iOS in 30 seconds said they ran first.

Chinese hackers 30 seconds remote access to the iOS interviewed said it was running the first to go to the IT Times reporter Pan Shaoying, a iOS7 system with the latest IPhone5 phone photos account password and so was Wang easy to steal. At the third Shanghai Information Security Week in early November this year, Wang, the head of the Acer Cloud Computing Technology Co., was exposed to the crowd. Wang says the cleanest, newest and safest phones can't completely avoid vulnerabilities. On the pwn2own of the world's top information security competition in Tokyo, Japan, in mid-November, Wang and his pals shook the world's technology masters. In less than 30 seconds, the Keen team took the lead in cracking Apple's newest iOS7.0.3 system, the first time iOS7.0.3 has been remotely cracked, Wang the first time they have won the international top-Class hacker championship trophy home. What kind of a group of people is this? How did they play on the battlefield of the unseen smoke? The IT Times reporter has been in contact with the world's top hackers in 0 distances. The champion knocks on the door of victory in a flash. In the week before the Pwn2Own competition, the reporter in Shanghai and keen team leader Wang had a face-to-face communication. All he knew was that the key to the game was to see who first breached the latest iOS system, but he didn't know what the game was about, but he was full of confidence: "It was the first place." "Take the best quality loopholes on the court to win the first, Wang is not empty." The four-member team, composed of Wang, Wu Shi, Chen, and Fang, has been preparing to exploit the vulnerabilities of the IOS7 system to steal user information from August. The exploit of the Spiker Chen told reporters that the production of attack Code is a lengthy and boring process, a code to go through thousands of changes to achieve the ultimate goal. Pwn2Own is not like the ordinary game by the topic to build a simulation environment, and then "sell a flaw", but using the latest iOS system as a game environment, let the contestants break the system, can be said to be "mano" game. The team, which lasted 2 months, worked out 3 sets of games, meaning that 3 vulnerabilities were found. "The biggest worry is that the bugs we found are patched up, and while we're looking for loopholes, Apple is looking for vulnerabilities that will be patched when they find them." If you do not prepare multiple scenarios, chances are that the vulnerabilities that we find will be filled. "Chen said. Just a week before the game, Apple posted a new version of IOS7 on the developer platform, mending more than 200 bugs. The team has been labetalol by an all-night verification that it found that it had not been patched by Apple. In fact, the loophole is not to find a calculated one, the last to get to the stadium must be the best quality loopholes. What is a good quality loophole? Fang told reporters, one is to hide the vulnerability, it is difficult to find, and the second is the value of exploiting the vulnerability, that is, what information can be obtained by exploiting the vulnerability. "A loophole that can only get a phone number and a loophole to get an account password is obviously better." "Fang said. It's a very rigorous game in isolation. There is only one team in a room, the equipment is a iPhone5 cell phone in a box that can block the signal, the box has Wi-Fi transmitter, can let the handset connect Wi-Fi. There is a hole next to the box, the hands of the contestants can be reached into the operation, and the top of the box is transparent, so that contestants can see the phone and operation. At the same time, the box also has a camera, recording the game situation. Fang told reporters that wireless signals are the most vulnerable to eavesdropping, so even the contestants wear metal gloves can shield the signal. "Vulnerabilities are very sensitive information and cannot allow third parties to access any information about vulnerabilities." "Fang said. The mobile phone used for the competition is also provided by the organizers, and the group has prepared a number of iPhone5, such as Unicom version, telecom version, port version, American version and so on, to find and exploit the loopholes. "There are different versions of the iPhone5 when they are cracked because they are not sure which version of the device they will get in the game, so we have studied all the versions," he said. Chen told reporters. The group smiled when the team saw that the organizers offered a Verizon version of IPhone5. Chen said, the feeling is like a test when you see a topic they have done, very happy. At the start of the game, Chen opened a Web page on IPhone5, where photos and account files on Facebook (46.23,-0.47,-1.01%) were quickly displayed on the team's own computer and projected through a camera on a large screen at the game site, The whole process is less than 30 seconds. "The attack is mainly for browsers, as long as the other side open a Web page we set up or scan a two-dimensional code, we have made a good attack code in advance to get the user information, this breach of iOS use is iOS7 on safari security vulnerabilities." "Chen said. "The most impressive thing about the game was the heavily guarded equipment, and after the game, according to the regulations, we will find the vulnerability disclosed to the manufacturer, the attack code in the encrypted USB disk, and sent to the manufacturer through the mail, U disk in the content of light removal is not good, but also to destroy the spot, first break the U disk, and then foot on a bad u disk, Until it cannot be repaired. Fang told reporters. Pwn2Own is one of the world's most famous hacking competitions, sponsored by DVLabs, the Pentagon's TippingPoint supplier, has been the sixth session of the year. Hackers target 4 major web browsers ie, Firefox, Chrome and Safari. The iphone was breached in 20 seconds by two European hackers in the last contest.They took control of the iphone by attacking the Safari browser and successfully sent SMS messages to the designated server.