404 Tech Support

Where IT Help is Found

You are here: Home / Articles / Security and Privacy / The results of Mobile Pwn2Own 2013

The results of Mobile Pwn2Own 2013

by

Back in March, the Pwn2Own 2013 contest took place to coincide with CanSecWest. This past week, the second annual Mobile Pwn2Own was held in Tokyo at the PacSec conference.

Previous reporting:

HP and other sponsors like Google’s Android and Chrome teams along with Blackberry are willing to shell out over $300,000 in cash and prizes to those that successfully compromise the chosen targets. Those targets include the Samsung Galaxy S4, the iPhone 5, Microsoft’s Surface RT along with mobile apps and the browser. The vulnerabilities demonstrated at Mobile Pwn2Own were disclosed to the affected vendors.

This year’s Mobile Pwn2Own contest is offering the following prizes to the first contestant who successfully compromises their mobile target in the following categories:

  • Short Distance/Physical Access ($50,000), either:
    • Bluetooth, or
    • Wi-Fi, or
    • Universal Serial Bus (USB), or
    • Near Field Communication (NFC)
  • Mobile Web Browser ($40,000) **
  • Mobile Application/Operating System ($40,000)
  • Messaging Services ($70,000), either:
    • Short Message Service (SMS), or
    • Multimedia Messaging Service (MMS), or
    • Commercial Mobile Alert System (CMAS)
  • Baseband ($100,000)

Contestants are allowed to select the target they wish to compromise during the pre-registration process.  The exact OS version, firmware and model numbers will be coordinated with the pre-registered contestants. The following targets are available for selection:

  • Nokia Lumia 1020 running Windows Phone
  • Microsoft Surface RT running Windows RT
  • Samsung Galaxy S4 running Android
  • Apple iPhone 5 running iOS
  • Apple iPad Mini running iOS
  • Google Nexus 4 running Android
  • Google Nexus 7 running Android
  • Google Nexus 10 running Android
  • BlackBerry Z10 running BlackBerry 10

Drawing from the Zero Day Initiative Twitter and the official HP Pwn2Own website, these are the results compiled onto one page:

The Keen Team, from China, successfully exploited Safari on a non-jailbroken iPhone 5 by capturing Facebook credentials on iOS 7.0.3 and copying a photo from iOS 6.1.4. More details.

Team MBSD, from Japan, successfully exploited several default applications on the Samsung Galaxy S4 just by getting the person to visit a malicious site. With that access, they installed malware and stole confidential data. More details.

Pinkie Pie compromised Chrome on both the Nexus 4 and the Samsung Galaxy S4 taking advantage of an integer overflow and another vulnerability to do a full sandbox escape. More details.

There was an effort to exploit Internet Explorer 11 on Windows 8.1 but it doesn’t seem that it was successful during the contest. More details.

Elevator Pitch

404 Tech Support documents solutions to IT problems, shares worthwhile software and websites, and reviews hardware, consumer electronics, and technology-related books.

Subscribe to 404TS articles by email.

Recent Posts

FTC Disclaimer

404TechSupport is an Amazon.com affiliate; when you click on an Amazon link from 404TS, the site gets a cut of the proceeds from whatever you buy. This site also uses Skimlinks for smart monetization of other affiliate links.
Use of this site requires displaying and viewing ads as they are presented.