• Home
  • About 404TS
  • Contact

404 Tech Support

Where IT Help is Found

  • Articles
    • Code
    • Entertainment
    • Going Green
    • Hardware, Gadgets, and Products
    • Management
    • Network
    • News
    • Operating Systems
    • Security and Privacy
    • Software
    • System Administration
    • Talking Points
    • Tech Solutions
    • Web
    • Webmaster
  • Reviews
  • Media
    • Infographics
    • Videos
  • Tech Events
  • Tools
    • How do I find my IP address?
    • Browser and plugin tests
  • Get a Technical Consultation
You are here: Home / Articles / Hardware, Gadgets, and Products / Mobile Pwn2Own 2012 shows Galaxy S III and iPhone 4S hack

Mobile Pwn2Own 2012 shows Galaxy S III and iPhone 4S hack

2012-09-19 by Jason

At the EUSecWest 2012 conference, a Mobile Pwn2Own is taking place to test vectors on smartphones mobile web browsers, operating systems, NFC, SMS, and cellular baseband. Prizes are offered to the security researchers able to compromise the device. They will be rewarded with a cash prize and the device itself.

A successful attack against these devices must require little or no user interaction and must compromise or exfiltrate useful data from the phone. Any attack that can incur cost upon the owner of the device (such as silently calling long-distance numbers, eavesdropping on conversations, and so forth) is within scope.

The rules for Mobile Pwn2Own 2012 are detailed at the Tipping Point site.

Vector : Prize

Mobile Web Browser: $30,000 USD
Mobile Operating System: $30,000 USD
NFC: $40,000 USD
SMS: $40,000 USD
Cellular Baseband: $100,000 USD

Devices

Nokia Lumia 900 (Windows Phone 7.5 OS version: 7.10.8779.8)

HTC Titan II (Windows Phone 7.5 OS version: 7.10.8112.7)

Samsung Galaxy Nexus (GT-I9250 Android version: 4.1.1)

Samsung Galaxy SIII (SGH-T999 )Android version: 4.0.4

Sony Xperia P (Android version: 4.0.4 Build number: 6.1.B.0.544)

BlackBerry Bold 9900 (7.1 Bundle 998 )

Apple iPhone 4S (Version 5.1.1 (9B206) Carrier AT&T 12.0)

(Image courtesy of ZDI Twitter)

So far, the iPhone 4S and Galaxy S 3 have been compromised according to tweets from the Zero Day Initiative.

MWR Labs detailed their exploit of the Galaxy S III running Android 4.0.4 in a posting at their website.

MWR showed an exploit against a previously undiscovered vulnerability on a Samsung Galaxy S3 phone running Android 4.0.4. Through NFC it was possible to upload a malicious file to the device, which allowed us to gain code execution on the device and subsequently get full control over the device using a second vulnerability for privilege escalation.

More demos and exploits are promised at the conference tomorrow, so watch for this article to be updated with further results.

Update: I guess that was it. No new pwnings surfaced on the second day of Mobile Pwn2Own 2012.

Filed Under: Hardware, Gadgets, and Products, Security and Privacy

Trending

  • I Have Admin Rights! Buttons
    In Media, Security and Privacy, Talking Points
  • ‘You Either Die A Hero Or Live Long Enough To See Yourself Become The Villain’ Makes Sense To Aaron Barr Now
    In Media, News, Security and Privacy
  • Yahoo! Mail on Google Chrome warns of no Adobe Flash
    In Media, Tech Solutions

Latest Media Posts

Find Out Where To Download SNES ROMs

Find Out Where To Download SNES ROMs

Multifunctional Video Conversion Tools – Wondershare Video Converter

Multifunctional Video Conversion Tools – Wondershare Video Converter

  • Popular
  • Latest
  • Today Week Month All
  • SOLVED: “This modification is not allowed because the selection is locked.” SOLVED: "This modification is not allowed because the selection is locked."
  • Increase IIS Private Memory Limit to improve WSUS availability Increase IIS Private Memory Limit to improve WSUS availability
  • How to ‘Unblock’ multiple files at a time with PowerShell How to 'Unblock' multiple files at a time with PowerShell
  • What is the AllJoyn Router Service on Windows 10? What is the AllJoyn Router Service on Windows 10?
  • Troubleshooting time synchronization for domain-joined computers Troubleshooting time synchronization for domain-joined computers
  • 3d rendering circuit cloud for cloud computing technology What Is An Ellucian Migration And Is It Important?
  • Remote monitoring of text messages on a mobile device Remote monitoring of text messages on a mobile device
  • ​Great Tech Tips For Remote Workers ​Great Tech Tips For Remote Workers
  • Ideas That Will Free up MacBook Hard Drive Ideas That Will Free up MacBook Hard Drive
  • Advantages Of Video Conferencing For Small Businesses Advantages Of Video Conferencing For Small Businesses
Ajax spinner

Elevator Pitch

404 Tech Support documents solutions to IT problems, shares worthwhile software and websites, and reviews hardware, consumer electronics, and technology-related books.

Subscribe to 404TS articles by email.

Recent Posts

  • What Is An Ellucian Migration And Is It Important?
  • Remote monitoring of text messages on a mobile device
  • ​Great Tech Tips For Remote Workers

Search

FTC Disclaimer

404TechSupport is an Amazon.com affiliate; when you click on an Amazon link from 404TS, the site gets a cut of the proceeds from whatever you buy. This site also uses Skimlinks for smart monetization of other affiliate links.
Use of this site requires displaying and viewing ads as they are presented.

Copyright © 2021 · Magazine Pro Theme on Genesis Framework · WordPress · Log in