Slashdot Mirror

← Back to Stories (view on slashdot.org)

All Five Smartphones Survive Pwn2Own Contest

Posted by Soulskill on from the can't-hit-a-mobile-target dept.

CWmike writes "Although three of the four browsers that were targets in the PWN2OWN hacking contest quickly fell to a pair of researchers, none of the smartphones were successfully exploited. TippingPoint had offered $10,000 for each exploit on any of the phones, which included the iPhone and the BlackBerry, as well as phones running the Windows Mobile, Symbian and Android operating systems. 'With the mobile devices so limited on memory and processing power, a lot of [researchers'] main exploit techniques are not able to work,' said TippingPoint's Terri Forslof. 'Take, for example, [Charlie] Miller's Safari exploit,' referring to Miller's 10-second hack of a MacBook via an unpatched Safari vulnerability that he'd known about for more than a year. 'People wondered why wouldn't it work on the iPhone, why didn't he go for the $10,000?' she said. 'The vulnerability is absolutely there, but it's a lot tougher to exploit on the iPhone.'" Chrome was the only browser at the contest that was not successfully exploited. We previously discussed day one of the contest, and a summary of day two is available as well.

10 of 144 comments (clear)

  1. Not any tougher on iPhone according TFA by Shatrat · · Score: 4, Informative
    Apparently the safari exploit

    "should work on the iPhone but the bug couldn't (be) used twice in the competition."

    So the iPhone should be quite vulnerable, but wasn't compromised because it wouldn't have been eligible for the award since it was the same exploit used against OS X in the first day.

    --
    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
    1. Re:Not any tougher on iPhone according TFA by Jedi_Master_SS · · Score: 5, Informative

      The iPhone uses a modified version of WebKit (see webkit.org) which is the same engine behind Safari and quite a few other things not just from Apple but other sources as well.

  2. A Symbian with a browser? by Anonymous Coward · · Score: 5, Funny

    I saw one of them Symbian's on the internet once. But I didn't know it could have a browser. I thought it was used more for content production.

  3. Chrome only browser ... by Thornburg · · Score: 4, Interesting

    Chrome was the only browser in the contest that was not successfully exploited... why didn't they include Opera, or any of the non-webkit open source browsers other than Firefox? (Ok, they may be fairly obscure, but surely Opera is well known enough, right?)

    1. Re:Chrome only browser ... by Anonymous Coward · · Score: 5, Funny

      They didn't want to give Opera any more ammunition against the other browsers.

    2. Re:Chrome only browser ... by pxlmusic · · Score: 5, Insightful

      as someone who recently gave Opera another go, i can see why.

      i would appear that i've been missing out

      --
      "If for any reason you're not satisfied with our service, I hate you."
  4. Hmm by LizardKing · · Score: 4, Funny

    Miller's 10-second hack of a MacBook via an unpatched Safari vulnerability that he'd known about for more than a year.

    Definitely a black hat then, as I'm assuming if he'd reported the vulnerability when he'd found it even Apple would have patched it by now.

    1. Re:Hmm by Yamamato · · Score: 5, Interesting
      No, it's because he's not going to do free work for Apple.

      Did you consider reporting the vulnerability to Apple?

      I never give up free bugs. I have a new campaign. It's called NO MORE FREE BUGS. Vulnerabilities have a market value so it makes no sense to work hard to find a bug, write an exploit and then give it away. Apple pays people to do the same job so we know there's value to this work. No more free bugs.

    2. Re:Hmm by LizardKing · · Score: 5, Interesting

      No, it's because he's not going to do free work for Apple.

      That's precisely the attitude of a black hat. A responsible hacker notifies the vendor or author of the issue, giving them a reasonable amount of time to release a fix. If the fix is forthcoming in a timely manner, the hacker should be thanked in the release notes and is then free to post a description of the issue along with a proof of concept exploit if they like. If a fix is not forthcoming in a timely manner, and no reasonable explanation given by the vendor or author, then the hacker releases the description in the knowledge that they've adhered to the widely acknowledged good practice. This is responsible full disclosure.

      A black hat doesn't notify the vendor in order to gain some kind of material benefit - be it selling the exploit or using it directly for personal gain. Funnily enough personal gain is what this guy did it for, making him a scumbag black hat hacker.

  5. Final Score (From DVLabs blog) by Deathlizard · · Score: 4, Informative

    Browsers
    Chrome: 0***
    IE8: 1**
    Firefox: 1(1)*
    Safari: 2(1)*

    Mobile Browsers
    Android: 0
    iPhone: 0
    Nokia/Symbian: 0
    Windows Mobile: 0
    Blackberry: 0****

    *Numbers in parenthesis indicate Successful exploits that fell outside the contest criteria and therefore could not be rewarded.
    **Exploit Confirmed by MS
    ***Chrome was impacted by one of the flaws, although exploit was not possible using any current known techniques.
    ****The Blackberry was attempted and resulted in "Something Interesting", but not an exploit.

    --
    In Soviet Russia, Trojan exploits YOU!