Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Android Cellphones Handhelds IOS Security

Popular Smartphones Hacked At Mobile Pwn2Own 2014 52

wiredmikey writes Researchers have hacked several popular smartphones during the Mobile Pwn2Own 2014 competition that took place alongside the PacSec Applied Security Conference in Tokyo this week. The competition, organized by HP's Zero Day Initiative (ZDI) targeted the Amazon Fire Phone, iPhone 5s, iPad Mini, BlackBerry Z30, Google Nexus 5 and Nexus 7, Nokia Lumia 1520, and Samsung Galaxy S5. Using various attacks, some Mobile Pwn2Own 2014 Pwnage included: Apple's iPhone 5s (hacked via the Safari Web browser, achieving a full sandbox escape); Samsung's Galaxy S5 (hacked multiple times using near-field communications attacks); Amazon's Fire Phone (Web browser exploited); Windows Phone (partial hacks using a browser attack), andthe Nexus 5 (a Wi-Fi attack, which failed to elevate privileges). All the exploits were disclosed privately to the affected companies. HP promised to reveal details in the upcoming weeks.
This discussion has been archived. No new comments can be posted.

Popular Smartphones Hacked At Mobile Pwn2Own 2014

Comments Filter:
  • BlackBerry (Score:3, Interesting)

    by Anonymous Coward on Thursday November 13, 2014 @12:21PM (#48379079)

    So did they not hack the Z30, or did they not try?

    • by Anonymous Coward

      Windows Phone faster, more secure than iPhone and Android. The only thing they were able to get from the Windows phone is some cookies, while all of the others got owned.

    • They didn't hack a nokia 5100 or a Motorola razr either. Probably for the exact same reason, why expend effort to hack something nobody uses anymore.

      • by Anonymous Coward

        Sounds like a great way to give yourself security while still being able to run the latest Android apps. Anyone who cares about security and wants to run the latest software should consider buying one.

        No, I'm not being facetious. Try one for yourself and get back to me with a list of Android apps you tried yourself with the latest firmware that don't run.

        • sadly I have tried the latest Z30, and no being a smaller security target for people is not worth the pain of being forced to use it. The last few blackberry's combined with the abortion that is the BES made it very easy for where I work to finally pull the plug on blackberry as neither the Users wanted it and the poor bastards having to run BES certainly didn't want it.

          • by Anonymous Coward
            You lie. You don't need BES to run any BlackBerry 10 device.

            The simple fact is that BlackBerry 10 is the most advanced smartphone operating system in existence, and it isn't even close. It was written from the ground up in the smartphone era, and steals the best interface ideas from other older operating systems like Android (stylistically in 10.3), WebOS (previews), and Meego (gestures). It is a QNX microkernel with Qt, with the ability to run sandboxed Android apps. Security wise, it has not been broken.
  • by Anonymous Coward

    Not hacked? How strange. Well, have fun with your Apple Pay and Google Wallet!

    • Why put in any effort to hack a Z30 when there are only eight of them in use?

      • by Anonymous Coward

        I'm sure happy to be one of those eight. It's nice to be 1337.

  • Bend? (Score:3, Funny)

    by ROBOT9001 ( 3888473 ) on Thursday November 13, 2014 @12:23PM (#48379103)
    I heard the new iPhone 6 Plus exploits are very flexible.
  • by rodrigoandrade ( 713371 ) on Thursday November 13, 2014 @12:26PM (#48379139)
    Haven't we learned by now that physical access to a device steamrolls every security measure put in place?? Why are we still shocked and awed by headlines like these?
    • by NotInHere ( 3654617 ) on Thursday November 13, 2014 @12:32PM (#48379207)

      While its true that there is no way to prevent breaking in with physical access (even the "secure element" (an integrated sim card) can be hacked with proper technology), I can't see any attack in TFS that required physical access. A smartphone should be protected against a malicious wifi hotspot or NFC terminal, and I wouldn't regard communications with those as "physical access".

      • by Alrescha ( 50745 )

        "I can't see any attack in TFS that required physical access."

        You read the article? What the hell is wrong with you? /s

        A.

        • TFSINTFA : The Fucking Summary Is Not The Fucking Article

          you have a 5 digit ID you should know that.

          • by Alrescha ( 50745 )

            Yes, I caught it after I posted. I blame it on the caffeine, and one can't edit.

            Sorry you missed a perfect opportunity to reply to my humorous post with one of your own. I think something along the lines of "Of course I didn't read the actual article - do you think I'm crazy?" would have been a good choice. But perhaps only someone with a 5-digit ID would have seen that...

            A.

    • by locotx ( 559059 )
      Physical access IS root access !
    • Physical access isn't needed for all these attacks. For example, on the iPhone, all it would take would be to get a user to visit a page hosting the malicious code. It may require some social engineering or a watering hole attack but that's not incredibly difficult.

    • by hey! ( 33014 )

      I dunno. Has anyone ever (publicly) cracked a disk encrypted with bitlocker and TPM? I'm sure it can be done, but it'd be surprising if it were done without ripping the computer apart and using exotic equipment to peer into the state of the TPM.

    • by mjwx ( 966435 )

      Haven't we learned by now that physical access to a device steamrolls every security measure put in place?? Why are we still shocked and awed by headlines like these?

      Except that these can all be remote exploits.

      - The Iphone 6 was pwned first via a web browser exploit allowing the exploit to escape the sandbox.
      - The Samsung Galaxy S5 was second with an NFC exploit.
      - The Nexus 5 was third with a Bluetooth exploit that forced a pairing between devices

      All three of these can be executed remotely, however of the three only the Iphone attack escaped the sandbox. The NFC exploit used on the Samsung can be used on all NFC enabled Android phones but it uses a model specif

  • In Apple's defense, all the hacks were executed via the Flash plug-in, Java and Adobe Reader.

    Oh, this is about iOS devices?

    Apple, what the fuck are you doing?

    • Re: (Score:2, Informative)

      by Anonymous Coward

      iOS Safari is "special" and is the only iOS app that's allowed to have writable, executable pages. (As it is the only app allowed to run the JavaScript JIT compiler.) It should come as no surprise that this means that it is the most obvious attack point, as it's the only iOS app that's allowed to run arbitrary code and that runs by default in a blatantly insecure configuration "for speed."

      I'd make fun of Apple for putting security behind performance, but having used Mobile Safari behind, instead I'll make f

      • iOS Safari is "special" and is the only iOS app that's allowed to have writable, executable pages. (As it is the only app allowed to run the JavaScript JIT compiler.)

        Hmm... interesting... do PC web browsers do the same thing? In that case, one would think that if the OS implements NX protection, then the JS interpreter would not work.

        • No, PC browsers (with the possible exception of Safari?) don't do anything nearly so braindead, nor do any of the other kinds of PC software that use a JIT (a few examples: Java, .NET, Flash). You allocate the memory, with pages mapped R/W. You emit JIT-compiled code into a page. You re-map the page to R/X! Repeat as more pages are needed. You never, even have a R/W/X page.

          In fact, browsers (IE and Chrome at a minimum, probably others) and Flashplayer take things a step further. Since you can generate a hug

          • No, PC browsers (with the possible exception of Safari?) don't do anything nearly so braindead, nor do any of the other kinds of PC software that use a JIT (a few examples: Java, .NET, Flash). You allocate the memory, with pages mapped R/W. You emit JIT-compiled code into a page. You re-map the page to R/X! Repeat as more pages are needed. You never, even have a R/W/X page.

            For Chrome, at least, you're completely wrong. Chrome (or more specifically V8) maps all code pages as RWX, then starts writing and modifying code in-place in those RWX pages. Having writable code is required for several V8 features, like inline caches and code garbage collection. Chrome is just as bad in this regard as Safari. However, it's not allowed to do this on iOS, only on desktops and Android (AFAIK).

  • by Anonymous Coward

    Including the Amazon fire phone? alrighty then.

Every little picofarad has a nanohenry all its own. -- Don Vonada

Working...