Samsung Galaxy S5,iPhone 5s and Nexus 5 Hacked at Pwn2Own Competition
In HP's two day competition named Pwn2Own which took place in Tokyo,Japan. Smartphones such as iPhone 5s ,Samsung Galaxy s5 and Nexus 5 using top operating systems like Windows,iOS, and Android are all been hacked. In this two day competition some veteran security researchers around the globe participated.
On day one in the competition the iPhone 5s iOS was the system that has been hacked by the South Korean teams. They found some weakness in the Safari browser and used it to escape the sand box.
The flaw in iOS security was immediately disclosed to Apple, by the zero day initiative.
The first day in the competition is highly sucessful, with two big devices are hacked successfully.The next big device that fell victim to the group of hackers from Japan and South Africa is Samsung Galaxy s5.
The gateway that made the way for the security attack is 'near-field communication (NFC)' attack that trigger a deserialization issue in certain code specific to Samsung. Jon Butler of South Africa’s MWR InfoSecurity also managed to break the Galaxy S5 via NFC.
NFC was also utilized by UK-based researcher Adam Laurie from Aperture Labs to hack an LG Nexus 5.
"A two-bug exploit targeting NFC capabilities on the LG Nexus 5 (a Google-supported device) demonstrated a way to force BlueTooth pairing between phones – a plot point, as several observers noted, on the television show 'Person of Interest'," Shannon Sabens, a senior security content developer at HP, wrote in a blog post summarizing the first day of Mobile Pwn2Own.
Kyle Riley, Bernard Wagner, and Tyrone Erasmus of MWR InfoSecurity used a combination of three vulnerabilities to break the Web browser on the Amazon Fire Phone.
On the day two of the competition was not as successful when you compare it with the day one.On the second day the participants in the competition are only able to attack android and windows devices partially. A participant name Nico Joly able to show some weakness in windows phone Nokia 1520 with an exploit aimed at the smartphone’s web browser, but was only able to exfiltrate the cookie database and could not break the sandbox to gain full access to the system.
A competitor name Jüri Aedla presented the weakness in another device name Nexus 5. He presented the bug in device through Wifi to android device. The event came to an end after that.
Source securityweek
The flaw in iOS security was immediately disclosed to Apple, by the zero day initiative.
The first day in the competition is highly sucessful, with two big devices are hacked successfully.The next big device that fell victim to the group of hackers from Japan and South Africa is Samsung Galaxy s5.
The gateway that made the way for the security attack is 'near-field communication (NFC)' attack that trigger a deserialization issue in certain code specific to Samsung. Jon Butler of South Africa’s MWR InfoSecurity also managed to break the Galaxy S5 via NFC.
NFC was also utilized by UK-based researcher Adam Laurie from Aperture Labs to hack an LG Nexus 5.
"A two-bug exploit targeting NFC capabilities on the LG Nexus 5 (a Google-supported device) demonstrated a way to force BlueTooth pairing between phones – a plot point, as several observers noted, on the television show 'Person of Interest'," Shannon Sabens, a senior security content developer at HP, wrote in a blog post summarizing the first day of Mobile Pwn2Own.
Kyle Riley, Bernard Wagner, and Tyrone Erasmus of MWR InfoSecurity used a combination of three vulnerabilities to break the Web browser on the Amazon Fire Phone.
On the day two of the competition was not as successful when you compare it with the day one.On the second day the participants in the competition are only able to attack android and windows devices partially. A participant name Nico Joly able to show some weakness in windows phone Nokia 1520 with an exploit aimed at the smartphone’s web browser, but was only able to exfiltrate the cookie database and could not break the sandbox to gain full access to the system.
A competitor name Jüri Aedla presented the weakness in another device name Nexus 5. He presented the bug in device through Wifi to android device. The event came to an end after that.
Source securityweek
