The hacking contest for mobile Pwn2Own ended last Thursday, and left Windows Phone developers very happy, as hackers failed to bypass the Microsoft operating system sandbox.
The Pwn2Own contest, organized by HP's Zero-Day Initiative (ZDI), focuses on demonstrating zero-day exploits that can be used to fully control the device.
On the last day of the event, Nico Joly, a veteran researcher of the famous French security company Vupen, tested its skills on a Lumia 1520 (Windows Phone) device, attempting to exploit the program browser to take full control of the device.
However, the sandbox stopped him and he only managed to get through to the base data of cookies. It is known that cookies can be used by a hacker to gain access to the device owner's online accounts.
Soon after, Jüri Aedla presented an attack on the operating system system Android. Η επίθεση έγινε μέσω του WiFi από ένα glitch του DHCP που επιτρέπει την απομακρυσμένη εκτέλεση κώδικα, σε ένα Nexus 5. Ο hacker δεν μπόρεσε να πάρει τον έλεγχο της συσκευής.
This year's Pwn2Own competition was sponsored by Google and Blackberry, which offered $425.000 in prize money. It was held in Tokyo during the PacSec security conference.
On the first day of the competition, the hackers managed to successfully breach several devices such as the Samsung Galaxy S5, the LG Nexus 5, Apple's iPhone 5S and Amazon's Fire Phone.
Near Field Communication (NFC) was used as a carrier in three cases, two of which targeted Galaxy S5 by Jon Butler of MWR Infosecurity and the MBSD team in Japan. The same feature was used for the Nexus 5 violation by Adam Laurie of Aperture Labs.
IPhone was violated by lokihardt @ ASRT who used two bugs to bypass the sandbox of the Safari web browser.
->
