Day 1 of Pwn2Own hacking competition witnesses zero-day vulnerabilities in fully patched Apple iPhone 7, Samsung Galaxy S8 and Huawei Mate9 Pro mobile devices
Trend Micro, a global leader in cyber-security solutions, flagged off the annual Mobile Pwn2Own hacking contest at the PacSec security conference in Tokyo, Japan yesterday. Trend Micro hosts Pwn2Own in an effort to promote its Zero Day Initiative, designed to reward security researchers to exploit the latest and most popular mobile devices and demonstrate and disclose major zero-day vulnerabilities to tech companies like Apple and Google. Following the contest, vendors will have 90 days to produce patches for these bugs.
“This contest embodies Trend Micro’s leadership in encouraging and facilitating the discovery of zero-day vulnerabilities,” said Mike Gibson, vice president of threat research for Trend Micro. “Rewarding responsible disclosure of these bugs promotes our overarching goal of making everyone safer online. Researchers participating in the contest gain notoriety and can win a significant amount of money, and vendors are given the opportunity to patch zero-day vulnerabilities that might have otherwise wreaked havoc on their systems.”
With prizes totalling more than $500,000 up for grabs this year, security researchers have to find zero-day vulnerabilities in four of the world’s most popular handsets: the iPhone 7, the Samsung Galaxy S8, the Google Pixel, and the Huawei Mate 9 Pro in categories such as browsers, short distance and Wi-Fi, messaging and baseband to pocket the prize money.
The first day of the event, Nov 1, saw a total of seven exploit attempts, of which five were successful. Apple iPhone 7, Samsung Galaxy S8 and Huawei Mate9 Pro were among the successful exploited targets that were fully patched. Also, a total of $350,000 and 55 Master of Pwn points were awarded.
Tencent Keen Security Lab successfully breaching iPhone 7 running on the latest operating system, iOS 11.1 twice. They successfully exploited the Wi-Fi on the Apple iPhone 7 in their first hack by using a total of four bugs to gain code execution and escalate privileges to allow their rogue application to persist through a reboot. The four bugs earned the team a total of $110,000 ($60,000: Wi-Fi exploit + 50,000: Persistence bonus) and 11 Master of Pwn points. The second hack by the Tencent Keen Security Lab saw them successfully targeting the Safari Browser on iPhone 7 using two bugs, one in the browser and one in a system service, and earn them $45,000 and 13 Master of Pwn points.
Next, Security researcher Richard Zhu was also able to target Safari browser using two bugs, a bug in the browser and an out-of-bounds bug in the broker, to escape the sandbox and successfully run code on the iPhone 7, earning him $25,000 and 10 Master of Pwn points.
Besides the iPhone 7, researchers from 360 Security were able to exploit a chain of flaws in Samsung Galaxy S8 that included a bug in the Samsung internet browser combined with a privilege escalation in a Samsung application that enabled code execution to persist through a reboot. The 360 Security team was rewarded $70,000 by ZDI for its efforts.
Further, Tencent Keen Security Lab was able to successfully demonstrate a baseband exploit using a Huawei Mate9 Pro smartphone that would allow an attacker to spoof the device. Tencent Keen Security Lab earned $100,000 for the baseband exploits.
To know more about Mobile Pwn2Own, please visit here.