The hacking contest for mobile Pwn2Own finished last Thursday, and left its developers very happy Windows Phone, καθώς οι hackers δεν κατάφεραν να παρακάμψουν το sandbox του λειτουργικού συστήματος της Microsoft.
The Pwn2Own competition, organized by HP's Zero-Day Initiative (ZDI) division, focuses on zero-day demonstration exploits which can be used to fully control the device.
On the last day of the event, Nico Joly, a veteran researcher of the famous French companysecurity Vupen, tested his skills on a Lumia 1520 (Windows Phone) device, trying to do exploit στο πρόγραμμα περιήγησης του για να πάρει τον πλήρη έλεγχο της συσκευής.
However, the sandbox stopped him and all he managed to do was pass to base δεδομένων των cookies. Γνωρίζεται ότι τα cookies μπορούν να χρησιμοποιηθούν από κάποιον hacker για να αποκτήσει πρόσβαση στους online λογαριασμούς του ιδιοκτήτη της συσκευής.
Immediately after Jüri Aedla, he launched an attack on the Android operating system. The attack was done via WiFi from a DHCP glitch that allows remote code execution on a Nexus 5. The hacker could not take control of the device.
This year's Pwn2Own competition was sponsored by Google and Blackberry, which offered $ 425.000 in cash prizes. Held in Tokyo during the PacSec security conference.
On the first day of the competition, the hackers managed to successfully breach several devices such as the Samsung Galaxy S5, the LG Nexus 5, Apple's iPhone 5S and Amazon's Fire Phone.
Near Field Communication (NFC) was used as a carrier in three cases, two of which targeted Galaxy S5 by Jon Butler of MWR Infosecurity and the MBSD team in Japan. The same feature was used for the Nexus 5 violation by Adam Laurie of Aperture Labs.
IPhone was violated by lokihardt @ ASRT who used two bugs to bypass the sandbox of the Safari web browser.
->