The Mobile Pwn2Own competition at the PacSec conference, held in Tokyo over the past week, brought hackers together for one of the annual hacking contests held this year. Pwn2Own offers cash prizes: teams win money in return for exploits that bypass security sandbox perimeters. This year's contest is sponsored by Google and BlackBerry, and teams can win as much as $150,000 for hacks, with a cumulative prize pool of $425,000.
However, teams that discover vulnerabilities have to turn their discoveries over to the organizer and keep them confidential until the underlying vulnerabilities have been patched. On the first day of the conference, the following devices were exploited. A Samsung Galaxy S5 was attacked via its NFC chip to trigger a deserialization exploit in certain Samsung-specific code; another team also used the S5's NFC functionality, this time to exploit a logical error. The S5 therefore accounted for a total of two vulnerabilities. A two-bug exploit targeting NFC capabilities on the LG Nexus 5 was used to force Bluetooth pairing between phones. An iPhone 5S was also taken down by a two-bug attack, one of which was successful in executing a full sandbox escape in the Safari browser.
I think it's safe to say that the Mobile Pwn2Own theme which has been held over the years, “If a device runs software, it can be hacked”, was definitely confirmed, as various devices running different OSes succumbed to hacks which would definitely prove fatal in the wrong hands. Mobile Pwn2Own is a great platform for white hat hackers to come together and demonstrate that even the most recent of devices can fall prey to hacks.