iPhone falls in Pwn2Own hacking contest

24.03.2010

The Pwn2Own contest pays contestants for their exploit code, which leverages software flaws to give the attacker a foothold on the machine being attacked. But because of the iPhone's sandbox architecture, Weinmann and Iozzo actually spent much more time working on their payload software.

To make their attack work, they used a technique called "return-oriented programming," in which they essentially cobble together instructions from different parts of the iPhone's memory. But even with this technique, the iPhone's sandbox restricted what they could do once they had hacked into the machine.

Return-oriented programming has been around for more than a decade, but this attack is the first public demonstration of this technique on the Arm microprocessor, contest organizers say.

Iozzo and Weinmann were selected by lot to be the first to try out their attack at the three-day hacking contest. But Iozzo wasn't actually at the conference when his slot came up. A delayed flight kept him from reaching Vancouver in time, but a co-worker, Thomas Dullien (better known as Halvar Flake), stood in for him at the contest.

Even though they tested the hack before the contest, Dullien and Weinmann ran into some trouble. "The first try gave us an empty database, but that was probably due to a bug in our database," Weinmann said after winning the prize. A second attempt was successful.