Android 4.0.4 Zero-Day Found, Galaxy S3 Pwned at Pwn2Own

Today at the EUSecWest conference “PWN2OWN” contest in Amsterdam, MWR labs used a zero-day exploit to pwn an Android based Galaxy S3. MWR Labs used Mercury (their custom made framework to find vulnerabilities) to grab text messages, contacts, pictures and more from the phone:

“MWR showed an exploit against a previously undiscovered vulnerability on a Samsung Galaxy S3 phone running Android 4.0.4. Through NFC it was possible to upload a malicious file to the device, which allowed us to gain code execution on the device and subsequently get full control over the device using a second vulnerability for privilege escalation.

The same vulnerability could also be exploited through other attack vectors, such as malicious websites or e-mail attachments.”

Check out their website for more information.

About these ads

~ by D. Dieterle on September 19, 2012.

2 Responses to “Android 4.0.4 Zero-Day Found, Galaxy S3 Pwned at Pwn2Own”

  1. en.wikipedia.org/wiki/MemSQL transfer spread sheet knowledge into MemSQL database applying phpmyadmin. Should you need extra place than that to keep your knowledge, you may really need to pick. The option to synchronize PHP and MySQL time is offered now. It’s going to also test every thing to make certain it is really performing on your procedure. With MemSQL also inexperienced software engineers can produce as well as modify databases comprising many tables. To resolve this incorrect predicament, you need to for starters produce the backup on the harmful database. You should have to make your mind up whether you might want to provide an empty discipline or have it loaded.

  2. Reblogged this on lava kafle kathmandu nepal.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
Follow

Get every new post delivered to your Inbox.

Join 284 other followers

%d bloggers like this: