All five smartphones survive PWN2OWN hacker contest
One researcher refused to part with iPhone bug for $10k, says contest sponsor
Computerworld - None of the five smartphones slated for attack at last week's PWN2OWN hacking contest was compromised, a sign that security researchers have yet to adapt to the limitations of mobile, said the company that put up the prize money.
"With the mobile devices so limited on memory and processing power, a lot of [researchers'] main exploit techniques are not able to work," said Terri Forslof, manager of security response at 3Com Inc.'s TippingPoint unit, which sponsored the contest.
Although three of the four browsers that were targets at PWN2OWN quickly fell to a pair of researchers -- netting one of contestants $5,000 and the other $15,000 -- none of the smartphones was successfully exploited. TippingPoint had offered $10,000 for each exploit of any of the phones, which included Apple Inc.'s iPhone and the Research in Motion Ltd.'s BlackBerry, as well as phones running the Windows Mobile, Symbian and Android operating systems.
"Take for example, Nils' Safari exploit," said Forslof, referring to the German computer science student's hack of the Apple browser, just one of three browsers he broke in short order. "People wondered why wouldn't it work on the iPhone, why didn't he go for the $10,000?" she said. "The vulnerability is absolutely there, but it's a lot tougher to exploit on the iPhone."
Even though there were no winners last week, Forslof said TippingPoint is planning to include a mobile component in next year's PWN2OWN contest, which is held at the CanSecWest security conference in Vancouver, British Columbia, each March. "Where there is an opportunity, our [security] community finds a way," she said. "I am expecting, absolutely, that the research community will find ways around the limitations of mobile.
"I'm feeling pretty confident that those barriers to exploit mobile will be overcome in the next year," Forslof added.
Another issue TippingPoint identified in its inaugural mobile hacking contest was the fact that the various combinations of handsets, operating systems and carriers add unexpected complications to the exploit equation. "We didn't realize how complicated it was" until it was too late, she said. As a result, in some cases TippingPoint wasn't able to pin down the exact phone or operating system version early enough to give researchers the lead time they needed to work up an exploit of a vulnerability they might have already uncovered.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Critical Role of Support in Your Enterprise Mobility Management Strategy Most business leaders underestimate the importance of tech support when they choose an EMM solution. Here's what to put on your checklist.
- Separating Work and Personal at the Platform Level: How BlackBerry Balance Works BlackBerry® Balance™ separates work from personal on the same mobile device, right at a platform level. Find out how it can work for...
- Protection for Every Enterprise: How BlackBerry Security Works Get an IT-level review of BlackBerry® Security, addressing data leakage protection, certified encryption, containerization and much more.
- Future Focus: What's Coming in Enterprise Mobility Management (EMM) Find out why Enterprise Mobility Management (EMM) solutions that are truly future-ready must be designed to enable Machine-to-Machine (M2M) capabilities and much more.
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Unmasking the Differences between Consumer and Enterprise File Sync & Share The consumerization of IT combined with the rapid pace of the modern mobile workplace is forcing enterprise IT teams to evaluate file sync...
- Live Webcast Workforce Mobilization for Improved Productivity A mobility research director from Aberdeen discusses reasons for extending legacy applications to mobile devices, and an integration strategist from Attachmate shows how...
- Getting Ready for BlackBerry Enterprise Service 10.2 Find out how BlackBerry® Enterprise Service 10 helps organizations address the full spectrum of EMM challenges, while balancing the needs of both the...
- Containerization Options: How to Choose the Best DLP Solution for Your Organization This webcast outlines a framework for making the right choice when it comes to containerization approaches, along with the pros and cons of... All Mobile/Wireless White Papers | Webcasts