The annual mobile Pwn2Own zero-day competition has been renewed for the sixth time, so we get to see new hacks for devices from leading brands like Apple and Samsung. Earlier this year, Pwn2Own saw hackers taking down leading software like Ubuntu Linux, Safari, Adobe Reader, and Edge.
This year’s mobile Pwn2Own puts up a total prize of $500,000 for the contestants. The security researchers and hackers wanting to win the cash prize have to compromise the devices by exploiting vulnerabilities in three categories: web browsers, short distance and WiFi, and baseband.
What got hacked?
Apple’s flagship from last year, the iPhone 7, running the latest iOS 11.1 update, was hacked three times.
A $110,000 prize was awarded to Tencent Keen Security Lab for achieving code execution on the device using a WiFi bug and escalating privileges in a way that persisted through a reboot. The Lab won another $45,000 for exploiting Safari using one browser-related bug and one system-related bug. The third iPhone 7 hack was performed by the researcher Richard Zhu (fluorescence), who used two bugs to target the Safari web browser.
The Samsung Galaxy S8, the company’s burn ointment after the Note 7 debacle, also fell to the hackers at Pwn2Own. A $70,000 prize was given to 360 Security for using a bug in Samsung Internet Browser to get code execution and taking advantage of a Samsung app bug to escalate privileges in a way that survived a reboot.
Another modern-day smartphone to get compromised was the Huawei Mate 9 Pro. Again, it was Tencent Keen Security Lab which used a stack overflow in the Huawei baseband processor and won $100,000.
However, it wasn’t all good news for Tencent: they made two failed attempts, one while exploiting an SGS8 browser bug and another while targeting NFC on the Mate 9 Pro.
The smartphone vendors will be notified about the zero-day bugs in their devices after confirming whether they’re true 0-day exploits. A limited advisory will be published if the vendors fail to address the vulnerability after the 90-day non-disclosure window ends.