The third annual Mobile Pwn2Own was held in Tokyo at the PacSec conference. HP with Google Android security team and Blackberry sponsoring are offering cash and prizes totaling over $425,000 to security researchers able to compromise the mobile devices. The payout breakdown provides for different reward levels depending on which vector was used to hack it.
- Mobile Web Browser ($50,000)
- Mobile Application/Operating System ($50,000)
- Reachable by a remote attacker (including through browser)
- Short Distance ($75,000), either:
- Bluetooth, or
- Wi-Fi, or
- Near Field Communication (NFC)
- Messaging Services ($100,000), either:
- Short Message Service (SMS), or
- Multimedia Messaging Service (MMS), or
- Commercial Mobile Alert System (CMAS)
- Baseband ($150,000)
- Limited to Apple iPhone, Google Nexus, BlackBerry Z30 Only
See Pwn2Own.com for more details of the Mobile Pwn2Own event rules.
Many of the latest and greatest devices are available as targets in the competition including the Amazon Fire Phone, Apple iPhone 5S, Apple iPad Mini with Retina Display, BlackBerry Z30, Google Nexus 5, Google Nexus 7, Nokia Lumia 1520, Samsung Galaxy S5.
The schedule and results are currently:
Pwned : lokihardt@ASRT (South Korea), Apple Phone 5S, targeting web browser (possibly Wi-Fi)
Pwned : Team MBSD (Japan), Android (Samsung Galaxy S5), targeting NFC
Pwned : Jonathan Butler (MWR) (South Africa), Android (Samsung Galaxy S5), targeting Wi-Fi (short distance)
Pwned : Adam Laurie (UK), Android (LG Nexus 5), targeting NFC
Pwned : Kyle Riley, Bernard Wagner, Tyrone Erasmus (MWR) (South Africa), Amazon Fire Phone, targeting mobile OS
Partially pwned: Nico Joly (France), Windows Phone, targeting web browser
Partially pwned: Juri Aedla (Estonia), Android, targeting Wi-Fi (short distance)
(The above will be updated as they proceed through the 2 day event, currently underway.)
Read the day one recap and the day two recap at the HP Security Research blog.