PWN2OWN Hacker Contest Targets Smartphones

Mar 26, 2009 by John Messina weblog
Apple's iPhone 3G

(PhysOrg.com) -- TippingPoint, a security response team at 3Com Inc, had offered $10,000 for each exploit of any smartphones, which included Apple Inc.'s iPhone and RIM's BlackBerry, as well as phones running the Windows Mobile, Symbian and Android operating systems.

None of the smartphones that were slated for the attack were compromised. With mobile devices limited on memory and processing power, many () main techniques are not able to work.

also identified unexpected complications with the possible combinations of handsets, operating systems and carriers introduced into the exploit equation. A spokes person at TippingPoint went on to say; "we didn't realize how complicated it was." In some cases TippingPoint wasn't able to determine the exact phone or operating system's version early enough to give researchers the lead time they needed to work up an exploit of a they might have already uncovered.

In next years Hackers Contest, TippingPoint plans to work out the details ahead of time so that it can publish the rules and specifications of the smartphones in plenty of time for researchers to prepare.

An Apple could have been hacked if a researcher had wanted to part with the vulnerability. A TippingPoint spokes person commented, "there was an exploit at the show that could have broken the iPhone, but the researcher said that the $10,000 wasn't enough to part with that level of vulnerability."

Some researchers just want to hold on to the bugs they have uncovered, even when offered $10,000 in cash. They have pride in their own little vulnerability they worked so hard on. But up

© 2009 PhysOrg.com

Explore further: OrangeSec pair said Cortana visited Android

Related Stories

Research on browser weaknesses triggers attacks

Jul 30, 2008

IBM's X-Force says cyber-criminals are using public research on Web browser weaknesses to launch attacks before most users are even aware of their vulnerability. The mid-year report from the security group indicates that ...

Microsoft Investigates IE 7 Vulnerability

Mar 16, 2007

The vulnerability leaves users open to potential phishing attacks. Microsoft is investigating a new flaw uncovered in Internet Explorer 7 that opens users up to phishing attacks.

Recommended for you

OrangeSec pair said Cortana visited Android

2 hours ago

Can, did, Cortana work on Android? A talked-about act at droidcon 2015: a presentation titled "Cracking Cortana." The OrangeSec team arrived at the Turin, Italy, event to show their work in a CortanaProxy ...

Report: Trusted Voice option rolling out for some

Apr 15, 2015

Smart Lock is arguably the best new feature in Android Lollipop, wrote Droid Life founder "Kellex" in March. With a secure lock screen set, he said, the user gets a number of options in Smart Lock to keep the phone or tablet quickly unlockable w ...

Redirect to SMB vulnerability in Windows discovered

Apr 14, 2015

News stories on tech spots on Monday reported that the Irvine, California, security company Cylance's SPEAR research team discovered a vulnerability relating to all versions of Windows including the Windows ...

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

RayCherry
not rated yet Mar 26, 2009
using a number of 'smart phones' as a single internet access point paid for by unsuspecting strangers will certainly yield $10,000 in a few months. selling that solution to just ten customers could yield ten times as much - plus all the personal information gathered as a bonus. I hope that Apple has tracked the path used by that 'researcher' to provide a fix for the iPhone vulnerability urgently

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.