iPhone 4 and Blackberry fall at Day Two of Pwn2Own
The annual Pwn2Own contest is going on at the CanSecWest conference in Vancouver. Pwn2Own is an interesting contest where security experts are unleashed upon the software products that we use everyday. If the products can be hacked, the succesful exploiters win cash, hardware and bragging rights.
Day one was browser attack day and the Safari browser was the first to fall followed by Internet Explorer 8:
The first browser to fall in the three-day hacking contest was Safari, running on 64-bit version of Mac OS X. It was cracked by a team from Vupen Security in five seconds – all the team had to do was point the browser at a site containing their malicious code to take advantage of a vulnerability in WebKit.
That flaw was yesterday fixed by Apple, but the patch came too late to make it into the browser for the contest.
The second browser to fall was IE8 running on a 64-bit version of Windows 7. It was hacked by researcher Stephen Fewer using a trio of vulnerabilities.
Chaouki Bekrar, who successfully hacked Safari on a fully patched MacBook, explains the hack on e-week:
The winning exploit bypassed ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention), two key anti-exploit mitigations built into Mac OS X. The team had to launch the calculator application and write to a file on the computer to prove the exploit had successfully gained full user access on the hijacked machine.
“The victim visits a Web page, he gets owned. No other interaction is needed.”
Another team of researchers, Willem Pinckaers and Vincenzo Iozzo, managed to crack a BlackBerry Torch 9800. Each team takes home $15,000 and the handset.
The contest is not all about hacking. The exploits used in the contest are turned over to the sponsor, who in turn releases the information to the manufacturer so security adjustments can be made.