HP’s Mobile Pwn2Own 2014 event has taken place in Tokyo, and has seen most of the major smartphone models cracked in one form or another.
Indeed, the first day of the competition saw five teams take down five targets, with nine bugs exploited (and the details of those vulnerabilities reported to the relevant manufacturer, of course).
The iPhone 5S was ‘pwned’ by South Korean veterans lokihardt@ASRT, using a two-bug combination via the Safari browser. One bug facilitated a full Safari sandbox escape.
The Galaxy S5 also fell twice, to Japan’s Team MBSD and Jon Butler of South Africa’s MWR InfoSecurity, both using NFC to exploit the Samsung device.
The Nexus 5 was owned by Adam Laurie of the UK’s Aperture Labs with a two-bug exploit which again used NFC, this time forcing Bluetooth pairing between phones. And finally, the MWR InfoSecurity team was successful with a three-bug combination against the Fire Phone’s browser.
Day two was a different story, with the two attempts only reaching ‘partial pwnage’, as HP’s Senior Security Content Developer, Shannon Sabens, put it. In other words, they cracked one aspect of the target system, but failed to achieve total control.
Jüri Aedla targeted a Nexus 5 running Android, using a Wi-Fi method. The attack was successful, as was a previous Firefox attack at the Vancouver Pwn2Own back in the spring, but he wasn’t able to elevate his privileges past that original level.
Nico Joly took on a Lumia 1520 and Windows Phone with a browser-based exploit, and while he managed to extract the cookie database, he failed to gain full control over the system as the sandbox held fast. A good result for Microsoft, then.