Slashdot Mirror


All Five Smartphones Survive Pwn2Own Contest

CWmike writes "Although three of the four browsers that were targets in the PWN2OWN hacking contest quickly fell to a pair of researchers, none of the smartphones were successfully exploited. TippingPoint had offered $10,000 for each exploit on any of the phones, which included the iPhone and the BlackBerry, as well as phones running the Windows Mobile, Symbian and Android operating systems. 'With the mobile devices so limited on memory and processing power, a lot of [researchers'] main exploit techniques are not able to work,' said TippingPoint's Terri Forslof. 'Take, for example, [Charlie] Miller's Safari exploit,' referring to Miller's 10-second hack of a MacBook via an unpatched Safari vulnerability that he'd known about for more than a year. 'People wondered why wouldn't it work on the iPhone, why didn't he go for the $10,000?' she said. 'The vulnerability is absolutely there, but it's a lot tougher to exploit on the iPhone.'" Chrome was the only browser at the contest that was not successfully exploited. We previously discussed day one of the contest, and a summary of day two is available as well.

10 of 144 comments

  1. A Symbian with a browser? by Anonymous Coward · · Score: 5, Funny

    I saw one of them Symbian's on the internet once. But I didn't know it could have a browser. I thought it was used more for content production.

  2. Re:Chrome only browser ... by Anonymous Coward · · Score: 5, Funny

    They didn't want to give Opera any more ammunition against the other browsers.

  3. Re:Apple security by Rayban · · Score: 3, Funny

    [citation needed]

    --
    æeee!
  4. Re:Chrome only browser ... by n1ckml007 · · Score: 2, Funny

    yeah I tend to sing Opera's praises.

  5. Hmm by LizardKing · · Score: 4, Funny

    Miller's 10-second hack of a MacBook via an unpatched Safari vulnerability that he'd known about for more than a year.

    Definitely a black hat then, as I'm assuming if he'd reported the vulnerability when he'd found it even Apple would have patched it by now.

    1. Re:Hmm by Phroggy · · Score: 3, Funny

      Looks like all that supposed security you hear about in Mac OS X is really just a huge joke.

      A lot of it is, yes. And, some of that supposed security in Windows Vista... really is improved security, not a joke.

      From the average user's perspective, Macs are more secure right now, because they're not targeted. I don't run any antivirus software on my Mac, because I'm confident that I won't encounter a Mac virus. In general, the people writing viruses don't know how to write for Macs, and the people writing for Macs don't want to write viruses. There used to be a handful of Mac viruses back in the 90s, but those have all gone away. Every once in a while we hear about a new proof of concept, but nothing ever really comes of it.

      But there's nothing inherent about the way Mac OS X works that guarantees this situation to remain true. As Macs gain marketshare, they'll gain mindshare among malware authors. As buying a Mac becomes a more attractive option to regular people, it will become a more attractive option to malware authors, and once they have a Mac to play with, they'll start writing malware for it.

      Meanwhile, everybody says Vista is a joke; they'll upgrade when you pry XP from their cold dead fingers. People who have never even tried Vista bitch about "Cancel / Allow" dialogs. They say Microsoft completely dropped the ball by breaking compatibility with older software. While I'll be the first to agree that UAC's UI leaves much to be desired, I do leave it turned on*, and I generally know when to expect a prompt. For the thing in the system tray that needs Administrator privileges, I went to the trouble of working around UAC by adding it as a scheduled task that runs on login - this is far too complicated for normal users, and obviously either the software that needs this needs to be updated, or UAC needs an "always allow" option.

      Microsoft broke compatibility because they had to in order to improve security. Every once in a while an argument breaks out on Slashdot that goes something like this:

      1) Windows sucks, because normal user accounts have Administrator privileges, which is just like running as root on Linux, which nobody ever does.
      2) That's because if you don't have Administrator privileges, half your applications won't run.
      3) Windows sucks, because Linux apps run just fine without needing root privileges.
      4) It's not Microsoft's fault, it's the application developers' fault for designing their app with the expectation that it will always have Administrator privileges.
      5) It is Microsoft's fault, because those app devs designed their app to work on Win98, which had no concept of per-user security, so apps could reliably expect to have unfettered write access to C:\Program Files. Microsoft shouldn't have allowed this.
      6) Macs are awesome!
      7) It's the year of Linux on the desktop!
      8) Shut up, both of you.

      Microsoft knew the status quo was broken, and that brokenness isn't sustainable. Their only long-term choice was to break compatibility by forcing applications to conform to new security standards. They've done that, and everyone bitched, but the apps have been fixed. Nobody realizes the apps have been fixed, because everybody switched back to (or stayed with) XP, but Windows 7 will be hugely popular (Microsoft is also fixing some of the real problems with Vista).

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
  6. Grammar Nazi alert by Linker3000 · · Score: 2, Funny

    "none....was..." puhleeze!

    --
    AT&ROFLMAO
  7. Re:Not any tougher on iPhone according TFA by Anonymous Coward · · Score: 1, Funny

    At least you had the balls to make a fool out of yourself without being an anonymous coward :-)

  8. Re:DIE HACKER DIE by petehead · · Score: 3, Funny

    DIE HACKER DIE

    Your German is unintelligible to me.

  9. Re:Not any tougher on iPhone according TFA by Anonymous Coward · · Score: 2, Funny

    Chrome is built using WebKit.

    Which raises the question, why is Safari less secure than Chrome?

    Safari was developed by Apple therefore security was overlooked for style and usability.