Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

iPhone, BlackBerry tumble to Pwn2Own hackers

Gregg Keizer, Computerworld | March 10, 2011
Apple's iPhone 4 and RIM's BlackBerry Torch 9800 both succumbed to hackers today at Pwn2Own, but two other smartphones running Android and Windows Phone 7 were unchallenged, the contest's sponsor said.

The teams each will receive a check for $15,000 from TippingPoint, as well as the smartphones they exploited, in a ceremony Friday at CanSecWest.

However, other Pwn2Own targets, including two smartphones and one browser, came out unscathed because no one stepped up to take them on.

According to Vreugdenhil, the contestants slated to tackle the Samsung Nexus S (running Android) and the Dell Venue (running Windows Phone 7) had canceled earlier, not shown up or had withdrawn for other reasons.

Jon Oberheide, co-founder and CTO of Duo Security, a developer of two-factor authentication software, had said earlier this week that he wouldn't make Pwn2Own because he had told Google about the bug he was going to use to hack. Google patched the vulnerability more than a week ago.

Oberheide had drawn the first slot in the Android part of the smartphone hacking competition.

George Hotz, also known as "geohot," reportedly withdrew last week to focus on his legal battle with Sony. Hotz, a well-known iPhone hacker, made news last month when he and others were sued by Sony after he showed how to jailbreak a Sony PlayStation 3 game console. He had been given first crack at Windows Phone 7.

Also unchallenged today was Mozilla's Firefox, said Vreugdenhil. Sam Dash, who had the pole position, withdrew because he couldn't get his exploit to run reliably.

Wednesday, a team of researchers from French security company Vupen hacked Safari 5 on the Mac, while Irish researcher Stephen Fewer used a three-exploit package to roll over Internet Explorer 8 (IE8).

Pwn2Own has one more day to run, but Vreugdenhil thought it unlikely anyone else would step forward to attempt exploits of the still-standing browsers and smartphones. No one, for instance, has demonstrated an exploit that breaks a smartphone's "baseband" processor, the component used to send and receive radio signals.

In January, Weinmann -- one of the three in the team that hacked the BlackBerry Torch today -- showed an exploit of the baseband processor, which let him turn a smartphone into a remote listening device.

Pwn2Own went to the trouble of building an isolation box that included a fake cellular base station so researchers could demo baseband exploits. But the box has gone unused.

"There's a tiny chance that someone will try tomorrow," Vreugdenhil said today. "But it's uncertain. I wouldn't even give it a 50-50 chance."

 

Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.