Slashdot Mirror

← Back to Stories (view on slashdot.org)

All Five Smartphones Survive Pwn2Own Contest

Posted by Soulskill on from the can't-hit-a-mobile-target dept.

CWmike writes "Although three of the four browsers that were targets in the PWN2OWN hacking contest quickly fell to a pair of researchers, none of the smartphones were successfully exploited. TippingPoint had offered $10,000 for each exploit on any of the phones, which included the iPhone and the BlackBerry, as well as phones running the Windows Mobile, Symbian and Android operating systems. 'With the mobile devices so limited on memory and processing power, a lot of [researchers'] main exploit techniques are not able to work,' said TippingPoint's Terri Forslof. 'Take, for example, [Charlie] Miller's Safari exploit,' referring to Miller's 10-second hack of a MacBook via an unpatched Safari vulnerability that he'd known about for more than a year. 'People wondered why wouldn't it work on the iPhone, why didn't he go for the $10,000?' she said. 'The vulnerability is absolutely there, but it's a lot tougher to exploit on the iPhone.'" Chrome was the only browser at the contest that was not successfully exploited. We previously discussed day one of the contest, and a summary of day two is available as well.

4 of 144 comments (clear)

  1. Re:Chrome only browser ... by pxlmusic · · Score: 5, Insightful

    as someone who recently gave Opera another go, i can see why.

    i would appear that i've been missing out

    --
    "If for any reason you're not satisfied with our service, I hate you."
  2. Re:Chrome only browser ... by worip · · Score: 3, Insightful

    Chrome is also one of the newest browsers in the market. The longer a browser is out there, the longer the time someone can develop a hack for it. I bet for the next contest, presuming that Chrome will still be around, there will be a few Chrome hacks to go around.

    --
    A picture is worth exactly 1024 words.
  3. Re:Hmm by Yamamato · · Score: 3, Insightful
    No, he's just not an idiot. BTW Apple pays people to report verifiable bugs to them. Does that make all those people black hats too? You never actually mentioned why he should do free work for Apple when they pay others to do the same thing.

    You talked earlier about the value of vulnerabilities. Was it a surprise that he (Nils) basically gave up three "high-value" bugs for $5,000 each?

    It's clear he's incredibly talented. I was shocked when I saw someone sign up to go after IE 8. You can get paid a lot more than $5,000 for one of those bugs. I've talked to a lot of smart, knowledgeable people and no one knows exactly how he did it. He could easily get $50,000 for that vulnerability. I'd say $50,000 is a low-end price point.

    For the amount of time he spent to do what he did on IE and Firefox, he could have found and exploited five or 10 Safari bugs. With the way they're paying $5,000 for every verifiable bug, he could have spent that same time and resources and make $25,000 or $30,000 easily just by going after Safari on Mac.

  4. Re:Chrome only browser ... by Actually,+I+do+RTFA · · Score: 3, Insightful

    Chrome was the only browser in the contest that was not successfully exploited... why didn't they include Opera

    For the same reason high school sports teams don't play NFL teams; it just would be disheartening to the players.

    My guess is that Opera never really got the attention because it never had a big company pushing it (MS, Apple, Google, and Firefox had the whole Mozilla/FOSS thing).

    --
    Your ad here. Ask me how!