• Home
  • About 404TS
  • Contact

404 Tech Support

Where IT Help is Found

  • Articles
    • Code
    • Entertainment
    • Going Green
    • Hardware, Gadgets, and Products
    • Management
    • Network
    • News
    • Operating Systems
    • Security and Privacy
    • Software
    • System Administration
    • Talking Points
    • Tech Solutions
    • Web
    • Webmaster
  • Reviews
  • Media
    • Infographics
    • Videos
  • Tech Events
  • Tools
    • How do I find my IP address?
    • Browser and plugin tests
  • Get a Technical Consultation
You are here: Home / Articles / Security and Privacy / The results of Mobile Pwn2Own 2013

The results of Mobile Pwn2Own 2013

2013-11-15 by Jason

Back in March, the Pwn2Own 2013 contest took place to coincide with CanSecWest. This past week, the second annual Mobile Pwn2Own was held in Tokyo at the PacSec conference.

Previous reporting:

  • The results of Pwn2Own 2013
  • Mobile Pwn2Own 2012
  • The results of Pwn2Own 2011

HP and other sponsors like Google’s Android and Chrome teams along with Blackberry are willing to shell out over $300,000 in cash and prizes to those that successfully compromise the chosen targets. Those targets include the Samsung Galaxy S4, the iPhone 5, Microsoft’s Surface RT along with mobile apps and the browser. The vulnerabilities demonstrated at Mobile Pwn2Own were disclosed to the affected vendors.

This year’s Mobile Pwn2Own contest is offering the following prizes to the first contestant who successfully compromises their mobile target in the following categories:

  • Short Distance/Physical Access ($50,000), either:
    • Bluetooth, or
    • Wi-Fi, or
    • Universal Serial Bus (USB), or
    • Near Field Communication (NFC)
  • Mobile Web Browser ($40,000) **
  • Mobile Application/Operating System ($40,000)
  • Messaging Services ($70,000), either:
    • Short Message Service (SMS), or
    • Multimedia Messaging Service (MMS), or
    • Commercial Mobile Alert System (CMAS)
  • Baseband ($100,000)

Contestants are allowed to select the target they wish to compromise during the pre-registration process.  The exact OS version, firmware and model numbers will be coordinated with the pre-registered contestants. The following targets are available for selection:

  • Nokia Lumia 1020 running Windows Phone
  • Microsoft Surface RT running Windows RT
  • Samsung Galaxy S4 running Android
  • Apple iPhone 5 running iOS
  • Apple iPad Mini running iOS
  • Google Nexus 4 running Android
  • Google Nexus 7 running Android
  • Google Nexus 10 running Android
  • BlackBerry Z10 running BlackBerry 10

Drawing from the Zero Day Initiative Twitter and the official HP Pwn2Own website, these are the results compiled onto one page:

The Keen Team, from China, successfully exploited Safari on a non-jailbroken iPhone 5 by capturing Facebook credentials on iOS 7.0.3 and copying a photo from iOS 6.1.4. More details.

Team MBSD, from Japan, successfully exploited several default applications on the Samsung Galaxy S4 just by getting the person to visit a malicious site. With that access, they installed malware and stole confidential data. More details.

Pinkie Pie compromised Chrome on both the Nexus 4 and the Samsung Galaxy S4 taking advantage of an integer overflow and another vulnerability to do a full sandbox escape. More details.

There was an effort to exploit Internet Explorer 11 on Windows 8.1 but it doesn’t seem that it was successful during the contest. More details.

Filed Under: Security and Privacy

Trending

  • Palm Mojo SDK for the Palm Pre
    In Code, Hardware, Gadgets, and Products
  • The evolution of Gmail [infographic]
    In Infographics
  • Session Manager extension: Prevent Data Loss in Firefox
    In Software, Tech Solutions

Latest Media Posts

Find Out Where To Download SNES ROMs

Find Out Where To Download SNES ROMs

Multifunctional Video Conversion Tools – Wondershare Video Converter

Multifunctional Video Conversion Tools – Wondershare Video Converter

  • Popular
  • Latest
  • Today Week Month All
  • How to ‘Unblock’ multiple files at a time with PowerShell How to 'Unblock' multiple files at a time with PowerShell
  • Increase IIS Private Memory Limit to improve WSUS availability Increase IIS Private Memory Limit to improve WSUS availability
  • Command line to take ownership and change permissions Command line to take ownership and change permissions
  • Creating and editing views in phpMyAdmin Creating and editing views in phpMyAdmin
  • Configure Outlook to recurring appointments for the last weekday of the month Configure Outlook to recurring appointments for the last weekday of the month
  • How to Purchase Cryptocurrencies? How to Purchase Cryptocurrencies?
  • Top 6 necessary aspects to consider when hiring Angular developers Top 6 necessary aspects to consider when hiring Angular developers
  • Full guide on drawbacks and benefits of Node.js for making the perfect choice for your business Full guide on drawbacks and benefits of Node.js for making the perfect choice for your business
  • Benefits of End-To-End Testing That Will Match Company Expectations Benefits of End-To-End Testing That Will Match Company Expectations
  • 3 Key Features of Pets Health Monitoring Systems 3 Key Features of Pets Health Monitoring Systems
Ajax spinner

Elevator Pitch

404 Tech Support documents solutions to IT problems, shares worthwhile software and websites, and reviews hardware, consumer electronics, and technology-related books.

Subscribe to 404TS articles by email.

Recent Posts

  • How to Purchase Cryptocurrencies?
  • Top 6 necessary aspects to consider when hiring Angular developers
  • Full guide on drawbacks and benefits of Node.js for making the perfect choice for your business

Search

FTC Disclaimer

404TechSupport is an Amazon.com affiliate; when you click on an Amazon link from 404TS, the site gets a cut of the proceeds from whatever you buy. This site also uses Skimlinks for smart monetization of other affiliate links.
Use of this site requires displaying and viewing ads as they are presented.

Copyright © 2023 · Magazine Pro Theme on Genesis Framework · WordPress · Log in