Trailrunner7 writes: A pair of European researchers used the spotlight of the CanSecWest Pwn2Own hacking contest here to break into a fully patched iPhone and hijack the entire SMS database, including text messages that had already been deleted. Using an exploit against a previously unknown vulnerability, the duo — Vincenzo Iozzo and Ralf Philipp Weinmann — lured the target iPhone to a rigged Web site and exfiltrated the SMS database in about 20 seconds. The exploit crashed the iPhone's browser session but Weinmann said that, with some additional effort, he could have a successful attack with the browser running. "Basically, every page that the user visits on our [rigged] site will grab the SMS database and upload it to a server we control," Weinmann explained. Iozzo, who had flight problems, was not on hand to enjoy the glory of being the first to hijack an iPhone at the Pwn2Own challenge.