Pwn2Own members hacked Galaxy SIII and iPhone 4S
The well-known competition of experts in computer and mobile security, Mobile Pwn2Own, again showed excellent results. Participants in the contest easily demonstrated the vulnerabilities of such well-known smartphones as the Galaxy SIII and iPhone 4S. In the first case, the vulnerability was found in NFC technology, in the second - in the WebKit engine.
As for the iPhone, vulnerabilities, according to hackers (in this case we use this word in a positive, initial sense), are affected by devices based on iOS 5.1.1 and iOS 6 (the version that was available at the time of the competition). That is, you can hack iPod touch, iPad, iPhone 4. Vulnerability allows you to get full access to the contents of the phone, including mail, SMS messages, contacts, files, and much more.
The exploit, according to crackers, was developed in just a few weeks, and by no means with a full load of crackers. The malware is downloaded when the victim visits the hackers site using his phone.
By the way, representatives of Certified Secure from the Netherlands were involved in Apple devices.
And Galaxy S III "broke" the guys from MWR Labs. Due to the vulnerability found in NFC, they were able to transfer malware from the device to the device. The transferred malicious software was automatically installed on the new device, and opened full access to the contents of the memory to crackers. In this case, the application works in the background, so that the victim does not notice the attack.
Hackers were able to gain full access to SMS - messages, pictures, e-mail, contacts and other information. Hackers reported that access is as complete as possible. And the exploit itself is aimed at the default application viewer, which is installed on the Galaxy S2, S3 and some HTC devices. So these devices are also subject to cracking.
Unfortunately, neither the first nor the second case is described in detail, in order to avoid the repetition of the experience of the contest participants by real attackers.
Well, our security technology experts received a good reward of $ 30 thousand. Plus, the teams were awarded smartphones from BlackBerry.
Via computerworld + computerworld