Skip the navigation
News

All five smartphones survive PWN2OWN hacker contest

One researcher refused to part with iPhone bug for $10k, says contest sponsor

By Gregg Keizer
March 24, 2009 12:00 PM ET

Computerworld - None of the five smartphones slated for attack at last week's PWN2OWN hacking contest was compromised, a sign that security researchers have yet to adapt to the limitations of mobile, said the company that put up the prize money.

"With the mobile devices so limited on memory and processing power, a lot of [researchers'] main exploit techniques are not able to work," said Terri Forslof, manager of security response at 3Com Inc.'s TippingPoint unit, which sponsored the contest.

Although three of the four browsers that were targets at PWN2OWN quickly fell to a pair of researchers -- netting one of contestants $5,000 and the other $15,000 -- none of the smartphones was successfully exploited. TippingPoint had offered $10,000 for each exploit of any of the phones, which included Apple Inc.'s iPhone and the Research in Motion Ltd.'s BlackBerry, as well as phones running the Windows Mobile, Symbian and Android operating systems.

"Take for example, Nils' Safari exploit," said Forslof, referring to the German computer science student's hack of the Apple browser, just one of three browsers he broke in short order. "People wondered why wouldn't it work on the iPhone, why didn't he go for the $10,000?" she said. "The vulnerability is absolutely there, but it's a lot tougher to exploit on the iPhone."

Even though there were no winners last week, Forslof said TippingPoint is planning to include a mobile component in next year's PWN2OWN contest, which is held at the CanSecWest security conference in Vancouver, British Columbia, each March. "Where there is an opportunity, our [security] community finds a way," she said. "I am expecting, absolutely, that the research community will find ways around the limitations of mobile.

"I'm feeling pretty confident that those barriers to exploit mobile will be overcome in the next year," Forslof added.

Another issue TippingPoint identified in its inaugural mobile hacking contest was the fact that the various combinations of handsets, operating systems and carriers add unexpected complications to the exploit equation. "We didn't realize how complicated it was" until it was too late, she said. As a result, in some cases TippingPoint wasn't able to pin down the exact phone or operating system version early enough to give researchers the lead time they needed to work up an exploit of a vulnerability they might have already uncovered.



Additional Resources
Forrester Consulting - Optimizing Users and Applications in a Mobile World
WHITE PAPER
Solving application issues over the WAN requires careful consideration. Based on their independent research, Forrester Consulting offers recommendations on how to tackle application performance issues, insufficient bandwidth and the inability to quickly restore users in a disaster.

Read now.

Security KnowledgeVault
WHITE PAPER
Security is not an option. This KnowledgeVault Series offers professional advice how to be proactive in the fight against cybercrimes and multi-layered security threats; how to adopt a holistic approach to protecting and managing data; and how to hire a qualified security assessor. Make security your Number 1 priority.

Read now.

Cut Communications Costs Once and for All
WHITE PAPER
New IP-based communications systems are being deployed by small and midsized businesses at a rapid rate. Learn how these organizations are enabling faster responsiveness, creating better customer experiences, speeding office or mobile interactions, and dramatically reducing existing communications costs.

Read now.

Mobile and Wireless White Papers
Digital Transformation: Creating New Business Models Where Digital Meets Physical
Individuals and businesses alike are embracing the digital revolution. Social networks and digital devices are being used to engage government, businesses and civil...
Empowering Your Mobile Worker
Today's most productive employees are mobile, and your company's IT strategy must be ready to support them with 24/7 access to the business...
An Interactive Guide: Bring Your Own Device
BYOD presents significant security and management challenges to IT departments who want to take advantage of the trend, but still protect corporate assets....
Calculating ROI for Mobile Client Acceleration
As mobile devices continue to expand in business use, ensuring these devices have optimal performance is becoming an IT imperative. This EMA paper...
Tablet Computing Without Compromise
This paper provides an overview of how and why that migration-from any old tablet to Windows tablets-came to be.
All Mobile and Wireless White Papers
Mobile and Wireless Webcasts
Live Webcast
North Pole to South Seas: Overcoming the Pitfalls of remote Performance
In today's always-on world, connectivity is a business requirement. You need the tools that allow you to operate as if you were on...
Supporting Mobile Productivity With A Limited IT Budget
Join us and hear from Kaseya mobile IT management experts as we discuss core strategies for supporting the mobile revolution on a shoestring...
North Pole to South Seas: Overcoming the Pitfalls of remote Performance
In today's always-on world, connectivity is a business requirement. You need the tools that allow you to operate as if you were on...
Unified Communications 101
What's the best way to implement a unified communications solution for your organization?
QNX® and BlackBerry® PlayBook™ Tablet.
RIM's multi-processor, multi-tasking BlackBerry PlayBook runs a new Tablet OS powered by QNX, a bullet-proof microkernel operating system. This track will take a...
A Close Look at Tablets
Learn More
All Mobile and Wireless Webcasts
Newsletter Sign-Up

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  1. View all newsletters | Privacy Policy
IT Jobs