Thursday, March 10, 2011

Pwn2Own Day Two: iPhone 4, BlackBerry Both Go Down

On day two of Pwn2Own, security researchers had their chance to take on several of the market's latest smartphones. Included were an Apple iPhone 4, RIM BlackBerry Torch 9800, Nexus S running Google's Android and Dell Venue Pro running Windows. At the end of the day only two challengers remained unbroken, the Dell and the Nexus S, both of which went unchallenged.

Long-time Pwn2Own contestant Charlie Miller became the first four-time winner, teaming with Dion Blazakis to take down the iPhone 4. The hack utilized a drive-by exploit on a rigged web page. Once the phone visited the page, a flaw in MobileSafari was exploited to swipe the phone’s address book.

In an interview with ZDNet, Miller said the attack works perfectly against an iPhone running iOS 4.2.1 but will fail against the newest iOS 4.3 update.

“If you update your iPhone today, the [MobileSafari] vulnerability is still there, but the exploit won’t work. I’d have to bypass DEP and ASLR for this exploit to work,” Miller said.

On the BlackBerry, a multi-national team composed of Vincenzo Iozzo, Ralf-Philipp Weinmann and a third researcher from the Netherlands successfully hacked their BlackBerry Torch by combining two information leak bugs and an integer overflow bug into an exploit. The WebKit-based BlackBerry browser was exploited to run their code on the phone.

The teams each will receive a check for $15,000 from TippingPoint, as well as the smartphones they exploited, in a ceremony Friday at CanSecWest.

There is still one more day of the contest; however, it is unlikely that anyone will step forward to attempt exploits of the still-standing browsers and smartphones. No one, for instance, has attempted Mozilla's Firefox, Google's Chrome or the other two smartphones.

Day one results: Pwn2Own Day One: No Surprises Here Safari, IE Both Hacked
