
Apple, Samsung and Huawei phones fall on day one of Mobile Pwn2Own

Mobile platforms are feeling the pain at the 6th annual Mobile Pwn2Own competition, which is taking place at the PacSec conference in Tokyo.

Apple's iPhone 7 fell three times with two different attacks against Safari and one against Wi-Fi. Samsung's Galaxy S8 fell once via its Internet Browser. And a baseband exploit that could allow an attacker to spoof the device was used against Huawei's Mate 9 Pro.

Trend Micro's Zero Day Initiative announced that on day one, contestants successfully pulled off five exploits against the Samsung Galaxy S8, Apple iPhone 7 and Huawei Mate 9 Pro, earning a staggering $350,000 thus far. Although there are four targets in total, none of the teams took on the Google Pixel on day one.

All of the phones are running the latest OS with all available patches installed. There are four targeting categories that cover mobile browsers; short distance attacks happening via Bluetooth, NFC or Wi-Fi; attacks on MMS or SMS messages; and baseband attacks in which the target device communicates with a rogue base station. Money prizes exceed $500,000 this year.

Samsung Galaxy S8 hack

The first successful hack targeted the Internet Browser of the Samsung Galaxy S8. 360 Security's mj0011 leveraged a bug in the Samsung Internet Browser to get code execution and then used privilege escalation in an unnamed Samsung app that persisted after a reboot. The hack earned him $70,000.

iPhone 7 hacks

The next successful attack occurred after Tencent Keen Security Lab targeted the Wi-Fi on an iPhone 7 running iOS 11.1. Keen Lab used four bugs in total, managing to get code execution through a Wi-Fi bug and then escalating privileges for persistence after reboot. Exploiting four bugs earned the team a whopping $110,000!

Richard Zhu, aka fluorescence, pulled off the next successful pwnage of Apple's iPhone 7. He targeted the Safari Browser, leveraging two bugs to exploit Safari and escape the sandbox. Zhu earned $25,000 for the hack.

Huawei Mate 9 Pro hack

Keen Lab had another go, targeting baseband on the Huawei Mate 9 Pro. The researchers used a stack overflow on the baseband processor to earn $100,000.

The Master of Pwn points, which "show an extra level of complexity in the exploit used," as well as the associated cash prize for each are explained here. The add-on bonuses consist of a kernel bonus and a persistence bonus. There are also penalties that remove add-on bonuses.

There will be six more attempts made on day two of Mobile Pwn2Own, including two more targeting Apple and another on baseband.

When this year's contest was first announced, Mike Gibson, vice president of threat research for Trend Micro, said, "Rewarding responsible disclosure of these bugs promotes our overarching goal of making everyone safer online. Researchers participating in the contest gain notoriety and can win a significant amount of money, and vendors are given the opportunity to patch zero-day vulnerabilities that might have otherwise wreaked havoc on their systems."

ZDI first verifies that the attack was a true zero-day exploit and then discloses the vulnerability to the vendor. Representatives from Apple, Google and Huawei are at Mobile Pwn2Own. The vendors have 90 days after disclosure to release a fix or to come up with a reasonable explanation for why they did not before ZDI publishes "a limited advisory including mitigation in an effort to enable the defensive community to protect users."


Source: Apple, Samsung and Huawei phones fall on day one of Mobile Pwn2Own
