Mobile Pwn2Own Contest Exposes Numerous Vulnerabilities

  • 14 November 2013

(Source: PCWorld)

 
This year's Mobile Pwn2Own hacking contest, which ran yesterday and today at the PacSec Applied Security Conference in Tokyo, contained over $300,000 of prize money up for grabs for participating researchers who could successfully exploit a number of vulnerabilities across various products and operating systems - $117,500 was won. So which exploits were successful?
 
IE 11

Abdul Aziz Hariri and Matt Molinyawe, two security researchers from HP's Zero Day Initiative (ZDI) team (who organized the contest), were able to demonstrate an exploit on Internet Explorer 11 on a Surface RT tablet running the new Windows 8.1.
 
Chrome

Pinkie Pie, who won a good deal of money last year for successfully exploiting a number of vulnerabilities in Chrome, was back at it again, exploiting another Chrome vulnerability, this time to compromise a Nexus 4 and Samsung Galaxy S4. He won $50,000 for his work.

 
Unnamed Apps

A Japanese security research team from Mitsui Bussan Secure Directions exploited vulnerabilities in pre-installed apps on a Samsung Galaxy S4 to fully compromise the device, winning $40,000. Another team of security researchers from China exploited Safari vulnerabilities and were able to hack two iPhone 5's, one running iOS 7.0.3 and the other iOS 6.1.4. The attack, which resulted in data theft (i.e. session cookies, photos and contacts), earned them $27,500.

 
Adhering to the contest rules, Pinkie Pie reported the vulnerabilities to Google so they can be fixed. The IE 11 vulnerabilities were reported to Microsoft.

 
While these are some of the best minds at work to help companies like Google and Microsoft stay secure, there are always malicious hackers who can discover such vulnerabilities as well. The difference? They won't be reporting them for a prize. Instead, they'll be attacking users to steal their money, data, personal info, etc. And with hackers' ambitions coupled with ever-evolving threats, there has never been a better time to secure your personal devices with an internet security solution that can keep up.

 
 

1 reply

It looks like Google jumped on the vulnerabilities really quick. According to a PCWorld article from this morning, the company has released emergency updates for Chrome to address the vulnerabilities demonstrated by Pinkie Pie on Thursday at Mobile Pwn2Own. They even patched something extra:
 
"Even though the researcher demonstrated his exploit on Chrome for Android, Google also fixed the vulnerabilities in Chrome for Windows, Mac and Linux, as well as in Chrome Frame plug-in for Internet Explorer."
