• Home
  • About 404TS
  • Contact

404 Tech Support

Where IT Help is Found

  • Articles
    • Code
    • Entertainment
    • Going Green
    • Hardware, Gadgets, and Products
    • Management
    • Network
    • News
    • Operating Systems
    • Security and Privacy
    • Software
    • System Administration
    • Talking Points
    • Tech Solutions
    • Web
    • Webmaster
  • Reviews
  • Media
    • Infographics
    • Videos
  • Tech Events
  • Tools
    • How do I find my IP address?
    • Browser and plugin tests
  • Get a Technical Consultation
You are here: Home / Articles / Security and Privacy / The results of Mobile Pwn2Own 2013

The results of Mobile Pwn2Own 2013

2013-11-15 by Jason

Back in March, the Pwn2Own 2013 contest took place to coincide with CanSecWest. This past week, the second annual Mobile Pwn2Own was held in Tokyo at the PacSec conference.

Previous reporting:

  • The results of Pwn2Own 2013
  • Mobile Pwn2Own 2012
  • The results of Pwn2Own 2011

HP and other sponsors like Google’s Android and Chrome teams along with Blackberry are willing to shell out over $300,000 in cash and prizes to those that successfully compromise the chosen targets. Those targets include the Samsung Galaxy S4, the iPhone 5, Microsoft’s Surface RT along with mobile apps and the browser. The vulnerabilities demonstrated at Mobile Pwn2Own were disclosed to the affected vendors.

This year’s Mobile Pwn2Own contest is offering the following prizes to the first contestant who successfully compromises their mobile target in the following categories:

  • Short Distance/Physical Access ($50,000), either:
    • Bluetooth, or
    • Wi-Fi, or
    • Universal Serial Bus (USB), or
    • Near Field Communication (NFC)
  • Mobile Web Browser ($40,000) **
  • Mobile Application/Operating System ($40,000)
  • Messaging Services ($70,000), either:
    • Short Message Service (SMS), or
    • Multimedia Messaging Service (MMS), or
    • Commercial Mobile Alert System (CMAS)
  • Baseband ($100,000)

Contestants are allowed to select the target they wish to compromise during the pre-registration process.  The exact OS version, firmware and model numbers will be coordinated with the pre-registered contestants. The following targets are available for selection:

  • Nokia Lumia 1020 running Windows Phone
  • Microsoft Surface RT running Windows RT
  • Samsung Galaxy S4 running Android
  • Apple iPhone 5 running iOS
  • Apple iPad Mini running iOS
  • Google Nexus 4 running Android
  • Google Nexus 7 running Android
  • Google Nexus 10 running Android
  • BlackBerry Z10 running BlackBerry 10

Drawing from the Zero Day Initiative Twitter and the official HP Pwn2Own website, these are the results compiled onto one page:

The Keen Team, from China, successfully exploited Safari on a non-jailbroken iPhone 5 by capturing Facebook credentials on iOS 7.0.3 and copying a photo from iOS 6.1.4. More details.

Team MBSD, from Japan, successfully exploited several default applications on the Samsung Galaxy S4 just by getting the person to visit a malicious site. With that access, they installed malware and stole confidential data. More details.

Pinkie Pie compromised Chrome on both the Nexus 4 and the Samsung Galaxy S4 taking advantage of an integer overflow and another vulnerability to do a full sandbox escape. More details.

There was an effort to exploit Internet Explorer 11 on Windows 8.1 but it doesn’t seem that it was successful during the contest. More details.

Filed Under: Security and Privacy

Trending

  • Native HTTPS Comes To Wikipedia
    In Media, Security and Privacy
  • Kindle E-Readers require update before March 22nd
    In Featured, Hardware, Gadgets, and Products
  • Light L16 camera is the first multi-aperture camera
    In Hardware, Gadgets, and Products

Latest Media Posts

Find Out Where To Download SNES ROMs

Find Out Where To Download SNES ROMs

Multifunctional Video Conversion Tools – Wondershare Video Converter

Multifunctional Video Conversion Tools – Wondershare Video Converter

  • Popular
  • Latest
  • Today Week Month All
  • How to ‘Unblock’ multiple files at a time with PowerShell How to 'Unblock' multiple files at a time with PowerShell
  • Increase IIS Private Memory Limit to improve WSUS availability Increase IIS Private Memory Limit to improve WSUS availability
  • SOLVED: “This modification is not allowed because the selection is locked.” SOLVED: "This modification is not allowed because the selection is locked."
  • Configure Outlook to recurring appointments for the last weekday of the month Configure Outlook to recurring appointments for the last weekday of the month
  • Creating and editing views in phpMyAdmin Creating and editing views in phpMyAdmin
  • 3d rendering circuit cloud for cloud computing technology Build and Deploy a Modern Web 3.0 Blockchain App in 2022
  • Telecom Application Development: When to Outsource Telecom Application Development: When to Outsource
  • Printer printing document wirelessly from mobile phone or smartphone wifi connection vector flat cartoon illustration, file air print on fax or ink jet via cellphone bluetooth modern design Why Your Business Needs Online Fax Services In 2022
  • 6 Best Ways to Protect Your Business Account 6 Best Ways to Protect Your Business Account
  • How to download videos from Instagram How to download videos from Instagram
Ajax spinner

Elevator Pitch

404 Tech Support documents solutions to IT problems, shares worthwhile software and websites, and reviews hardware, consumer electronics, and technology-related books.

Subscribe to 404TS articles by email.

Recent Posts

  • Build and Deploy a Modern Web 3.0 Blockchain App in 2022
  • Telecom Application Development: When to Outsource
  • Why Your Business Needs Online Fax Services In 2022

Search

FTC Disclaimer

404TechSupport is an Amazon.com affiliate; when you click on an Amazon link from 404TS, the site gets a cut of the proceeds from whatever you buy. This site also uses Skimlinks for smart monetization of other affiliate links.
Use of this site requires displaying and viewing ads as they are presented.

Copyright © 2022 · Magazine Pro Theme on Genesis Framework · WordPress · Log in