Researchers participating in the Security Conference PacSec 2013 in Japan have won almost 70 thousands of dollars after they managed to break the device security iPhone and Samsung Galaxy S4. The demonstration was conducted in the competition Pwn2Own.
A Japanese team from Mitsui Bussan Secure Directions κέρδισε 40.000 δολάρια με την επίδειξη μιας ευπάθειας που τους επέτρεψε να κλέψουν ευαίσθητα δεδομένα από ένα Samsung Galaxy S4 και να εγκαταστήσουν malicious code in the device software. The attack method requires the device owner to visit a specially configured website.
"The consequences of this vulnerability are worrying. While users may be wary when they click on links on their computer they are unlikely to assess the risk on mobile devices. " Heather Goude said , HP's senior security content developer, co-sponsor of the conference.
Meanwhile, eight people in the group Keen Tech Cloud from China showed how one can exploit a vulnerability in iOS 7.0.3 and steal its login credentials Facebook, a winning cash prize worth 27.500 dollars. The attack managed to bypass Apple's sandboxing, otherwise it would have won much more.
You can watch the video with the attack.
As in the first case, iOS hacking requires the user to click on a particular connection, but that is not a difficult one. This is the first time a Chinese team wins at Pwn2Own with an attack that took less than five minutes to complete.