Slashdot Mirror
All Five Smartphones Survive Pwn2Own Contest
CWmike writes "Although three of the four browsers that were targets in the PWN2OWN hacking contest quickly fell to a pair of researchers, none of the smartphones were successfully exploited. TippingPoint had offered $10,000 for each exploit on any of the phones, which included the iPhone and the BlackBerry, as well as phones running the Windows Mobile, Symbian and Android operating systems. 'With the mobile devices so limited on memory and processing power, a lot of [researchers'] main exploit techniques are not able to work,' said TippingPoint's Terri Forslof. 'Take, for example, [Charlie] Miller's Safari exploit,' referring to Miller's 10-second hack of a MacBook via an unpatched Safari vulnerability that he'd known about for more than a year. 'People wondered why wouldn't it work on the iPhone, why didn't he go for the $10,000?' she said. 'The vulnerability is absolutely there, but it's a lot tougher to exploit on the iPhone.'"
Chrome was the only browser at the contest that was not successfully exploited. We previously discussed day one of the contest, and a summary of day two is available as well.
"should work on the iPhone but the bug couldn't (be) used twice in the competition."
So the iPhone should be quite vulnerable, but wasn't compromised because it wouldn't have been eligible for the award since it was the same exploit used against OS X in the first day.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Browsers
Chrome: 0***
IE8: 1**
Firefox: 1(1)*
Safari: 2(1)*
Mobile Browsers
Android: 0
iPhone: 0
Nokia/Symbian: 0
Windows Mobile: 0
Blackberry: 0****
*Numbers in parenthesis indicate Successful exploits that fell outside the contest criteria and therefore could not be rewarded.
**Exploit Confirmed by MS
***Chrome was impacted by one of the flaws, although exploit was not possible using any current known techniques.
****The Blackberry was attempted and resulted in "Something Interesting", but not an exploit.
In Soviet Russia, Trojan exploits YOU!