World's Biggest Smartphones Hacked at Pwn2Own Competition
iPhone, Galaxy S5 and Nexus 5 all hacked
Some of the world's most popular smartphones, including the iPhone 5s, Nexus 5, and Galaxy S5, were hacked during HP's Pwn2Own competition - as well as Amazon's Fire Phone.
The security of your smartphone is becoming increasingly important as you carry more and more personal and sensitive information in your pocket.
Therefore it will come as a big worry that some of the world's best-selling smartphones were this week hacked at the annual Mobile Pwn2Own competition which is organised by HP's Zero Day Initiative and rewards hackers with up to £100,000 in prizes for revealing flaws in the security of smartphones.
This year, smartphones running iOS, Android and Windows Phone were all compromised (to varying degrees) with a total prize pool of $425,000 on offer with sponsorship by Google's Android team and BlackBerry.
On day one of the two-day event in Tokyo, the iPhone 5s, Samsung Galaxy S5, Nexus 5 and Amazon's Fire Phone were all hacked, while the second day saw the Nokia Lumia 1520 phablet compromised.
iPhone 5s hacked
The iPhone 5s was compromised by members of the South Korean team lokihardt@ASRT who used a combination of two vulnerabilities to successfully hack the device via the Safari browser and achieved "a full sandbox escape".
The Samsung Galaxy S5 was compromised by two separate teams from Japan and the UK, both of which used the NFC chip as the vector for a successful attack.
NFC was a popular attack choice with UK-based Adam Laurie from Aperture Labs using this method to hack the LG-built Nexus 5 smartphone.
"A two-bug exploit targeting NFC capabilities on the LG Nexus 5 (a Google-supported device) demonstrated a way to force BlueTooth pairing between phones – a plot point, as several observers noted, on the television show 'Person of Interest'," Shannon Sabens, a senior security content developer at HP, wrote in a blog post summarizing the first day of Mobile Pwn2Own.
While the iPhone 5s or any previous iPhones don't have NFC capabilities, the iPhone 6 and iPhone 6 Plus have added an NFC chip which could make this attack vector a worry for owners and Apple alike.
MWR InfoSecurity from South Africa was able to compromise the security of the Amazon Fire Phone by using a combination of three separate vulnerabilities.
While the Galaxy S5, Nexus 5 and iPhone 5s have sold in the millions, the Amazon Fire Phone has failed to gain traction with Charles Arthur speculating that it sold just 35,000 units before it launched in the UK in October.
Prioritise security
Speaking after the first day of the event, Ian Shaw of MWR said:
"MWR is proud to receive these awards. Our researchers from across the globe work extremely hard; and entering competitions, such as Pwn2Own, are vitally important as it keeps us at the sharp edge of the industry. This work forms part of a wide-ranging programme of security research at MWR on a global scale and highlights the ongoing need for mobile developers and manufacturers to prioritise security, in order to keep customers safe."
On the second day of Mobile Pwn2Own no full hacks were achieved with the Windows Phone operating system on a Lumia 1520 successfully resisting an attack on its browser, with the sandbox feature preventing Nico Joly from taking full control of the device.
The exploits and vulnerabilities were disclosed privately to the companies including Apple, Samsung and Amazon to allow them time to fix any potential threats, ahead of HP revealing more technical details of the attacks in the coming weeks.
© Copyright IBTimes 2024. All rights reserved.