404 Tech Support

Where IT Help is Found

You are here: Home / Articles / Hardware, Gadgets, and Products / Mobile Pwn2Own 2012 shows Galaxy S III and iPhone 4S hack

Mobile Pwn2Own 2012 shows Galaxy S III and iPhone 4S hack

by

At the EUSecWest 2012 conference, a Mobile Pwn2Own is taking place to test vectors on smartphones mobile web browsers, operating systems, NFC, SMS, and cellular baseband. Prizes are offered to the security researchers able to compromise the device. They will be rewarded with a cash prize and the device itself.

A successful attack against these devices must require little or no user interaction and must compromise or exfiltrate useful data from the phone. Any attack that can incur cost upon the owner of the device (such as silently calling long-distance numbers, eavesdropping on conversations, and so forth) is within scope.

The rules for Mobile Pwn2Own 2012 are detailed at the Tipping Point site.

Vector : Prize

Mobile Web Browser: $30,000 USD
Mobile Operating System: $30,000 USD
NFC: $40,000 USD
SMS: $40,000 USD
Cellular Baseband: $100,000 USD

Devices

Nokia Lumia 900 (Windows Phone 7.5 OS version: 7.10.8779.8)

HTC Titan II (Windows Phone 7.5 OS version: 7.10.8112.7)

Samsung Galaxy Nexus (GT-I9250 Android version: 4.1.1)

Samsung Galaxy SIII (SGH-T999 )Android version: 4.0.4

Sony Xperia P (Android version: 4.0.4 Build number: 6.1.B.0.544)

BlackBerry Bold 9900 (7.1 Bundle 998 )

Apple iPhone 4S (Version 5.1.1 (9B206) Carrier AT&T 12.0)

(Image courtesy of ZDI Twitter)

So far, the iPhone 4S and Galaxy S 3 have been compromised according to tweets from the Zero Day Initiative.

MWR Labs detailed their exploit of the Galaxy S III running Android 4.0.4 in a posting at their website.

MWR showed an exploit against a previously undiscovered vulnerability on a Samsung Galaxy S3 phone running Android 4.0.4. Through NFC it was possible to upload a malicious file to the device, which allowed us to gain code execution on the device and subsequently get full control over the device using a second vulnerability for privilege escalation.

More demos and exploits are promised at the conference tomorrow, so watch for this article to be updated with further results.

Update: I guess that was it. No new pwnings surfaced on the second day of Mobile Pwn2Own 2012.

Elevator Pitch

404 Tech Support documents solutions to IT problems, shares worthwhile software and websites, and reviews hardware, consumer electronics, and technology-related books.

Subscribe to 404TS articles by email.

Recent Posts

FTC Disclaimer

404TechSupport is an Amazon.com affiliate; when you click on an Amazon link from 404TS, the site gets a cut of the proceeds from whatever you buy. This site also uses Skimlinks for smart monetization of other affiliate links.
Use of this site requires displaying and viewing ads as they are presented.