Android and IOS Fall at Pwn2own in Japan
Page 1 of 1
The mobile Pwn2Own event was co-located last weekat the PacSec Conference in Tokyo and offers the promise of $300,000 in prize money to researchers who successfully demonstrate previously unknown mobile attacks and vulnerabilities. Brian Gorenc, manager of ZDI at HP Security Research, told eWEEK in a call from Japan that on Nov. 13, the first day of the competition, researchers from China and Japan were the first to successfully demonstrate their security prowess.
Team MBSD (Mitsui Bussan Secure Direction) from Japan was able to successfully exploit a fully patched, non-rooted Samsung Galaxy S 4 Android phone. The researchers didn't exploit the phone with a single vulnerability; rather they were able to chain together a complex set of flaws across multiple applications that were installed by default on the Galaxy S 4, Gorenc said. The result was that by simply visiting an infected Website, the researchers were able to steal the user's messaging logs, contacts, browsing history and other personally identifiable information.