Researchers participating in the Security Conference PacSec 2013 in Japan have won almost 70 thousands of dollars after they managed to break the device security iPhone and Samsung Galaxy S4. The demonstration was conducted in the competition Pwn2Own.
A Japanese team from Mitsui Bussan Secure Directions won $40.000 for demonstrating a vulnerability that allowed them to steal sensitive data from a Samsung Galaxy S4 and install malicious code into the device's software. The attack method requires the device owner to visit a specially configured by clicking here..
"The consequences of this vulnerability are worrying. While users may be wary when they click on links on their computer they are unlikely to assess the risk on mobile devices. " Heather Goude said , HP's senior security content developer, co-sponsor of the conference.
Meanwhile, eight people in the group Keen Tech Cloud from China showed how someone can exploit a vulnerability in iOS 7.0.3 and steal their login credentials Facebook, a winning cash prize worth 27.500 dollars. The attack managed to bypass Apple's sandboxing, otherwise it would have won much more.
You can watch the video with the attack.
As in the first case, iOS hacking requires the user to click on a particular connection, but that is not a difficult one. This is the first time a Chinese team wins at Pwn2Own with an attack that took less than five minutes to complete.
