All five smartphones survive PWN2OWN hacker contest

by Gregg Keizer

Be the first to comment | 4I like it!
Tags: hack, pwn2own

on this topic

March 24, 2009, 03:34 PM — Computerworld —

None of the five smartphones slated for attack at last week's PWN2OWN hacking contest were compromised, a sign that security researchers have yet to adapt to the limitations of mobile, said the company that put up the prize money.

"With the mobile devices so limited on memory and processing power, a lot of [researchers'] main exploit techniques are not able to work," said Terri Forslof, manager of security response at 3Com Inc.'s TippingPoint.

Although three of the four browsers up for grabs at PWN2OWN quickly fell to a pair of researchers -- netting one of them $5,000, the other $15,000 -- none of the smartphones was successfully exploited. TippingPoint had offered $10,000 for each exploit of any of the phones, which included Apple Inc.'s iPhone and the Research in Motion Ltd. (RIM) BlackBerry, as well as phones running the Windows Mobile, Symbian and Android operating systems.

"Take, for example, [Charlie] Miller's Safari exploit," said Forslof, referring to Miller's 10-second hack of a MacBook via an unpatched Safari vulnerability that he'd known about for more than a year. "People wondered why wouldn't it work on the iPhone, why didn't he go for the $10,000?" she said. "The vulnerability is absolutely there, but it's a lot tougher to exploit on the iPhone."

12next »

I like it!

Email
Print
Share
- Slashdot
- Digg
- Stumble
- Reddit
- Newsvine

On Twitter now

pwn2own

Refresh results

More Pwn2own Results from Twitter

You are logged in | Sign out

What are you thinking?

Insert this article url

Username or email Password ITworld does not store your password

Cancel

New to Twitter? Create an account

Tweet sent

On Twitter now

pwn2own

More Tweets

Post a comment

Your name: *

E-mail: *

The content of this field is kept private and will not be shown publicly.

Subject:

Comment: *

Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
Lines and paragraphs break automatically.

peer-to-peer

Esther Schindler
If the comments are ugly, the code is ugly

claird
SVG a graphics format for 21st century

pasmith
Take Chrome OS for a test spin

Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?

sjvn
64-bits of protection?

jfruh
Android fragments vs. the iPhone monolith

mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive

Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann

Join the conversation here

The Daily Tip

Quick, practical advice for IT pros. Made fresh daily.

Hot tips:

Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.

Newsletters

Subscribe to ITWORLD TODAY and receive the latest IT news and analysis.

*E-mail address:

*Verify E-mail:

*Job Title:

*Industry:

*Company Size:

*Country

* State:

I would like to receive offers via email from ITworld partners.

By clicking submit you agree to the terms and conditions outlined in ITworld's privacy policy.

view all newsletters »

	iPhone for Programmers: An App-Driven Approach Everything you need to start developing great iPhone apps. Enter now!
	The Google Way Discover how Google's culture of innovation is reinventing business. Enter now!

All five smartphones survive PWN2OWN hacker contest

On Twitter now

pwn2own

What are you thinking?

On Twitter now

pwn2own

Ease integration of Unix, Linux and Windows-based computers