All Five Smartphones Survive Pwn2Own Contest 144
CWmike writes "Although three of the four browsers that were targets in the PWN2OWN hacking contest quickly fell to a pair of researchers, none of the smartphones were successfully exploited. TippingPoint had offered $10,000 for each exploit on any of the phones, which included the iPhone and the BlackBerry, as well as phones running the Windows Mobile, Symbian and Android operating systems. 'With the mobile devices so limited on memory and processing power, a lot of [researchers'] main exploit techniques are not able to work,' said TippingPoint's Terri Forslof. 'Take, for example, [Charlie] Miller's Safari exploit,' referring to Miller's 10-second hack of a MacBook via an unpatched Safari vulnerability that he'd known about for more than a year. 'People wondered why wouldn't it work on the iPhone, why didn't he go for the $10,000?' she said. 'The vulnerability is absolutely there, but it's a lot tougher to exploit on the iPhone.'"
Chrome was the only browser at the contest that was not successfully exploited. We previously discussed day one of the contest, and a summary of day two is available as well.
Chrome only browser ... (Score:5, Interesting)
Chrome was the only browser in the contest that was not successfully exploited... why didn't they include Opera, or any of the non-webkit open source browsers other than Firefox? (Ok, they may be fairly obscure, but surely Opera is well known enough, right?)
Re:Hmm (Score:5, Interesting)
Did you consider reporting the vulnerability to Apple?
I never give up free bugs. I have a new campaign. It's called NO MORE FREE BUGS. Vulnerabilities have a market value so it makes no sense to work hard to find a bug, write an exploit and then give it away. Apple pays people to do the same job so we know there's value to this work. No more free bugs.
Re:Hmm (Score:5, Interesting)
No, it's because he's not going to do free work for Apple.
That's precisely the attitude of a black hat. A responsible hacker notifies the vendor or author of the issue, giving them a reasonable amount of time to release a fix. If the fix is forthcoming in a timely manner, the hacker should be thanked in the release notes and is then free to post a description of the issue along with a proof of concept exploit if they like. If a fix is not forthcoming in a timely manner, and no reasonable explanation given by the vendor or author, then the hacker releases the description in the knowledge that they've adhered to the widely acknowledged good practice. This is responsible full disclosure.
A black hat doesn't notify the vendor in order to gain some kind of material benefit - be it selling the exploit or using it directly for personal gain. Funnily enough personal gain is what this guy did it for, making him a scumbag black hat hacker.
Re:Hmm (Score:2, Interesting)
Emphasis mine.
There is no emphasis...
The very quote you mentioned clearly states he uses exploits for profit.
No it doesn't. He said he's not going to go through the trouble of finding and bugs and writing an exploit and then giving it away to Apple for free when they pay others money to do the exact same thing.
The GP is completely right- this guy is a black hat.
Sorry, the GP is wrong unless you have some information of him actually using any exploits for malicious use which I doubt you have.