Pwn2Own contest sees Apple iPhone, IE8, Firefox and Safari hacked

News by Dan Raywood

The annual Pwn2Own contest has seen the Apple iPhone and nearly all the major browsers hacked.

At the CanSecWest show in Vancouver, where the contest is held, interest has so far centred on the revelation of 20 zero-day flaws in Apple's OS X by security researcher Charlie Miller. While his keynote is awaited, though, the Pwn2Own contest gave hackers and security experts a chance to demonstrate their ability and try to breach the security of various devices and software.

Reporting from the event, Mashable claimed that Firefox, Safari and IE8 were hacked at the contest. A non-jailbroken iPhone was also hacked by Vincenzo Iozzo and Ralf Philipp Weinmann, who were able to send an iPhone to a website they had set up, crash its browser and steal its SMS database, including some erased messages.

They won a $15,000 prize for successfully demonstrating the attack, and they said that details about the attack will be released once Apple is notified and the security hole is patched.

Miller managed to hack Safari on a MacBook Pro without physical access, which won him $10,000. This followed his success last year when he cracked the Mac platform in just ten seconds.

Nils (no last name given), head of research at UK-based MWR InfoSecurity, won $10,000 for hacking Firefox, and independent security researcher Peter Vreugdenhil won the same amount for hacking IE8. Additional details of the IE8 exploit are here.

Mashable claimed that all the browser attacks were done by having the browser visit a malicious website, although full details were not disclosed.

Candid Wueest, a security expert at Symantec, claimed that the ease with which the iPhone was hacked highlights the growing issue of mobile security.

“Although the loss or theft of the physical device is seen as the biggest problem around mobile security, there is also the problem resulting from the increasing volume of ‘stealable’ business data which is held on them, made worse by the current poor encryption.

“Mobile platforms have so far been down the ‘pecking order’ of cyber criminals compared to desktop computers, with just 400 different viruses in existence compared with four million in Windows. Although currently a drop in the ocean, the increased standardisation of mobile platforms will make it more profitable and easier for malware writers to infiltrate mobile devices.”
