March 26, 2009 weblog
PWN2OWN Hacker Contest Targets Smartphones
(PhysOrg.com) -- TippingPoint, a security response team at 3Com Inc, had offered $10,000 for each exploit of any smartphones, which included Apple Inc.'s iPhone and RIM's BlackBerry, as well as phones running the Windows Mobile, Symbian and Android operating systems.
None of the smartphones that were slated for the attack were compromised. With mobile devices limited on memory and processing power, many researchers (hackers) main exploit techniques are not able to work.
TippingPoint also identified unexpected complications with the possible combinations of handsets, operating systems and carriers introduced into the exploit equation. A spokes person at TippingPoint went on to say; "we didn't realize how complicated it was." In some cases TippingPoint wasn't able to determine the exact phone or operating system's version early enough to give researchers the lead time they needed to work up an exploit of a vulnerability they might have already uncovered.
In next years Hackers Contest, TippingPoint plans to work out the details ahead of time so that it can publish the rules and specifications of the smartphones in plenty of time for researchers to prepare.
An Apple iPhone could have been hacked if a researcher had wanted to part with the vulnerability. A TippingPoint spokes person commented, "there was an exploit at the show that could have broken the iPhone, but the researcher said that the $10,000 wasn't enough to part with that level of vulnerability."
Some researchers just want to hold on to the bugs they have uncovered, even when offered $10,000 in cash. They have pride in their own little vulnerability they worked so hard on. But up
© 2009 PhysOrg.com