ZDNet

July 20, 2012

Pwn2Own goes mobile: $200,000 prizes for iOS, Android, BlackBerry zero-day attack

(This was the scene at the very first iPhone hack at the CanSecWest Pwn2Own contest in 2010, when Vincenzo Iozzo teamed up with Ralf Philipp Weinmann to pop Apple’s iPhone device.)

Conference organizers at EuSecWest in Amsterdam are dangling $200,000 in cash prizes to security researchers who demonstrate zero-day attacks against the most widely deployed smart phones.

The cash bounty will form part of Mobile Pwn2Own 2012, a special edition of the hacker challenge that pits vulnerability finders and exploit writers against fully patched computers and smart phones.

[SEE: Pwn2Own 2010: iPhone hacked, SMS database hijacked ]

TippingPoint ZDI, which is sponsoring the contest along with AT&T and BlackBerry, says the primary goal is to demonstrate the current security posture of the most prevalent mobile technologies in use today, including attacks on mobile web browsers, Near Field Communication (NFC), Short Message Service (SMS), and the cellular baseband.


The organizers plan to shell out a $100,000 prize for a successful hack of the cellular baseband and $40,000 each for zero-day exploits against NFC and SMS. For a mobile web browser hack, Pwn2Own will pay $20,000.

TippingPoint ZDI says each contestant will be allowed to select the device they wish to compromise during a pre-registration process. 

“The only requirement is that it be a current device and running the latest operating system.  The exact OS version, firmware and model numbers will be coordinated with the pre-registered researcher,” the company said. 

Some examples of devices include:

  • BlackBerry Bold 9930
  • Samsung Galaxy SIII
  • Nokia Lumia 900
  • Apple iPhone 4S

For an attack to be deemed successful, it must use a zero-day vulnerability and must require “little or no user interaction.”

To win the prize, hackers must also compromise or exfiltrate useful data from the phone.

“Any attack that can incur cost upon the owner of the device (such as silently calling long-distance numbers, eavesdropping on conversations, and so forth) is within scope,” the company explained.

A special RF isolation enclosure will be provided to facilitate hacks without breaking local laws. 

Mobile platforms have been a staple at previous Pwn2Own contests but, apart from a few hits on Apple’s iPhone and RIM’s BlackBerry, they have emerged mostly unscathed.
