Pwn2Own: iPhone 4 and BlackBerry Torch hacked

Pwn2Own: iPhone 4 and BlackBerry Torch hackedAt the anuual Pwn2Own competition in Vancouver, hackers have gathered to show off their respective skills, poking holes in the security of phones and browsers.

On day 1, flaws in IE8 and Safari 5 were exposed, though Google Chrome and Mozilla Firefox left unscathed. Day 2 saw the competition turn its attention to phones, including the iPhone 4 and BlackBerry Torch.

The team of Charlie Miller and Dion Blazakis cracked the iPhone 4, successfully deleting the address book with a manipulative browser. The flaw has been addressed by iOS 4.3, which was released this week.

Meanwhile, it took three people to best the BlackBerry Torch 9800. Both teams take away $15,000 and the handset. Not bad for a day’s work.

Windows Phone 7 and Android, hosted on a Dell Venue and Samsung Nexus S respectively, left with their heads held high.

One researcher no-showed the event after an incredible faux pas. Jon Oberheide announced the flaw he intended to expose ahead of time, giving Google ample time to patch it. Oops.

The event is organised by the Zero Day Initiative team at security researchers TippingPoint. The hackers have one day of fun left before retiring to their respective bedrooms.

Read more about: Apple iPhone 4RIM BlackBerry Torch 9800Blackberry OSiOS

Add a comment
 1 comment

JanSt / MOD  Mar. 12, 2011 at 07:25

I'd like to add a bit for the casual reader:
Firefox and Chrome, I believe, went 'unscathed' because none of the attending teams even bothered.
Dito, Geohot (Georg Hotz) didn't attend because he is focussing on his legal quarels with Sony - following his PS3 hack. It's known...well, claimed by him, that he has a number of Windows 7 exploits in his repertoire.

That's a common feature of these hacker 'conferences': individuals and teams prepare and focus on fast exploits to get a shot at the prize. Or they don't come for personal reasons although they'd be quite capable of pwning2own ;) It does NOT mean the 'unscathed' devices are impenetrable. A few years ago at a similar event the E71 got away 'unscathed', and prematurely, many forums interpreted that as a sign of good security features. But shortly thereafter, S60 was facing a rather serious series of sms attacks showing the vulnerabilities of even Nokia's relatively secure OS. Though Nokia found a solution to the problem, it was obvious that they couldn't have prevented it. Pair malicious code and people's natural curiosity (oh, an sms from a stranger. Must not...doh!), and everything is possible ;)


You don't need an account to comment. Just enter your email address. We'll keep it private.