Slashdot Mirror

← Back to Stories (view on slashdot.org)

All Five Smartphones Survive Pwn2Own Contest

Posted by Soulskill on from the can't-hit-a-mobile-target dept.

CWmike writes "Although three of the four browsers that were targets in the PWN2OWN hacking contest quickly fell to a pair of researchers, none of the smartphones were successfully exploited. TippingPoint had offered $10,000 for each exploit on any of the phones, which included the iPhone and the BlackBerry, as well as phones running the Windows Mobile, Symbian and Android operating systems. 'With the mobile devices so limited on memory and processing power, a lot of [researchers'] main exploit techniques are not able to work,' said TippingPoint's Terri Forslof. 'Take, for example, [Charlie] Miller's Safari exploit,' referring to Miller's 10-second hack of a MacBook via an unpatched Safari vulnerability that he'd known about for more than a year. 'People wondered why wouldn't it work on the iPhone, why didn't he go for the $10,000?' she said. 'The vulnerability is absolutely there, but it's a lot tougher to exploit on the iPhone.'" Chrome was the only browser at the contest that was not successfully exploited. We previously discussed day one of the contest, and a summary of day two is available as well.

6 of 144 comments (clear)

  1. A Symbian with a browser? by Anonymous Coward · · Score: 5, Funny

    I saw one of them Symbian's on the internet once. But I didn't know it could have a browser. I thought it was used more for content production.

  2. Re:Chrome only browser ... by Anonymous Coward · · Score: 5, Funny

    They didn't want to give Opera any more ammunition against the other browsers.

  3. Re:Chrome only browser ... by pxlmusic · · Score: 5, Insightful

    as someone who recently gave Opera another go, i can see why.

    i would appear that i've been missing out

    --
    "If for any reason you're not satisfied with our service, I hate you."
  4. Re:Not any tougher on iPhone according TFA by Jedi_Master_SS · · Score: 5, Informative

    The iPhone uses a modified version of WebKit (see webkit.org) which is the same engine behind Safari and quite a few other things not just from Apple but other sources as well.

  5. Re:Hmm by Yamamato · · Score: 5, Interesting
    No, it's because he's not going to do free work for Apple.

    Did you consider reporting the vulnerability to Apple?

    I never give up free bugs. I have a new campaign. It's called NO MORE FREE BUGS. Vulnerabilities have a market value so it makes no sense to work hard to find a bug, write an exploit and then give it away. Apple pays people to do the same job so we know there's value to this work. No more free bugs.

  6. Re:Hmm by LizardKing · · Score: 5, Interesting

    No, it's because he's not going to do free work for Apple.

    That's precisely the attitude of a black hat. A responsible hacker notifies the vendor or author of the issue, giving them a reasonable amount of time to release a fix. If the fix is forthcoming in a timely manner, the hacker should be thanked in the release notes and is then free to post a description of the issue along with a proof of concept exploit if they like. If a fix is not forthcoming in a timely manner, and no reasonable explanation given by the vendor or author, then the hacker releases the description in the knowledge that they've adhered to the widely acknowledged good practice. This is responsible full disclosure.

    A black hat doesn't notify the vendor in order to gain some kind of material benefit - be it selling the exploit or using it directly for personal gain. Funnily enough personal gain is what this guy did it for, making him a scumbag black hat hacker.