All five smartphones survive PWN2OWN hacker contest
- 25 March, 2009 08:23
- Comments
None of the five smartphones slated for attack at last week's PWN2OWN hacking contest were compromised, a sign that security researchers have yet to adapt to the limitations of mobile, said the company that put up the prize money.
"With the mobile devices so limited on memory and processing power, a lot of [researchers'] main exploit techniques are not able to work," said Terri Forslof, manager of security response at 3Com Inc.'s TippingPoint.
Although three of the four browsers up for grabs at PWN2OWN quickly fell to a pair of researchers -- netting one of them US$5,000, the other $15,000 -- none of the smartphones was successfully exploited. TippingPoint had offered US$10,000 for each exploit of any of the phones, which included Apple Inc.'s iPhone and the Research in Motion Ltd. (RIM) BlackBerry, as well as phones running the Windows Mobile, Symbian and Android operating systems.
"Take, for example, [Charlie] Miller's Safari exploit," said Forslof, referring to Miller's 10-second hack of a MacBook via an unpatched Safari vulnerability that he'd known about for more than a year. "People wondered why wouldn't it work on the iPhone, why didn't he go for the $10,000?" she said. "The vulnerability is absolutely there, but it's a lot tougher to exploit on the iPhone."
Even though there were no takers last week, Forslof said TippingPoint is planning to offer a mobile component to next year's PWN2OWN, which is held at the CanSecWest security conference in Vancouver, British Columbia each March. "Where there is an opportunity, our [security] community finds a way," she said. "I am expecting, absolutely, that the research community will find ways around the limitations of mobile.
"I'm feeling pretty confident that those barriers to exploit mobile will be overcome in the next year," Forslof added.
Another issue TippingPoint identified in the inaugural mobile hacking contest were the unexpected complications that the possible combinations of handsets, operating systems and carriers introduced into the exploit equation. "We didn't realize how complicated it was" until it was too late, she said. As a result, in some cases TippingPoint wasn't able to pin down the exact phone or operating system version early enough to give researchers the lead time they needed to work up an exploit of a vulnerability they might have already uncovered. "Mobile isn't the same as 'Here's a laptop and an OS on it'," said Forslof. "Each carrier has its own unique stuff going on with these phones."
- Bookmark this page
- Share this article
- Got more on this story? Email TechWorld
- Follow TechWorld on twitter
-
Dymocks taps Android for e-book, tablet move
-
Droid Razr Maxx: An Android smartphone for big talkers
-
Lenovo ordered to pay €1920 for making French laptop buyer pay for Windows too
-
Wikileaks suspect to face US court-martial
-
Wikileaks suspect to face US court-martial
-
Teach Yourself Visually Windows 7
-
Windows 7 for Dummies® Dvd+book Bundle
-
Computers for Seniors for Dummies, 2nd Edition
-
Office 2007 All-In-One Desk Reference for Dummies
-
Windows 7 for Dummies®
-
MYOB Software for Dummies 6E Australian Edition
-
Windows 7 for Seniors for Dummies®
-
Microsoft Office
-
Office 2007 for Dummies
Get exclusive access to Techworld news, reports & analysis. 
Comments
Post new comment