Google Search

Custom Search

Sunday, 16 November 2014

Pwn2own mobile 2014 - is windows phone better?

It's has been widely reported since yesterday that a single Lumia 1520 survive with partial access to the system while other targeted device this year falls like domino.

The 2 days event gathered team and personnel from around the world in an event held this year in Tokyo where competitors try to gather full access through multiple point such as browser or NFC.

On the first day, team lokihardt@ASRT from South Korea manage to gain full access to an IPhone 5s through the mobile web browser (possibly wifi) then the other team follow the trend. Second is Team MBSD from Japan also succeed in getting full system access and this time as it was a Samsung Galaxy 5 running Android.

The day continue with success from Jon butler (MHW) from South Africa manage to compromised another Samsung Galaxy S5 this time using NFC. NFC also was used by the fourth contestant Adam Laurie from Apperture Research (UK) to compromise a Nexus 5.

The last contestant of the day was Kyle Ryley, Bernard Wagner, Tyrone Erasmus (MHW) from South Africa targeting an Amazon Fire Phone also manage to gain full system access.

The first day was an eventful day where all targeted device was compromised by all contestant and all eyes are waiting for the second day where another 2 contestants will target 2 more device that is a Lumia 1520 and Nexus 5.

"First, Nico Joly – who refined his competition entry on the very laptop he won at this spring’s Pwn2Own in Vancouver as part of the VUPEN team – was the sole competitor to take on Windows Phone (the Lumia 1520) this year, entering with an exploit aimed at the browser. He was successfully able to exfiltrate the cookie database; however, the sandbox held and he was unable to gain full control of the system." 
- Shannon Sabens, (HP security research blog)

The second day began not as expected as the first contestant, Nico Jolly from France only manage to half compromise the system as he was only able to access the phone cookie database and not the full system when he try to exploit the mobile browser. The trend also continue this time on another Nexus 5 where Jüri Aedla also failed in his attempt to gain full system access.

Any detail of how this devices was compromise are sketchy and will only be made available once the system owner of the compromised system are made aware by HP.

For more information you guys can head over to HP pwn2own blog site or the official website of the event

Source HP , microsoft

No comments:

Post a Comment