Security Research

Mobile Pwn2Own 2013 Yields Exploits in Safari, Samsung S4 applications

Brian_Gorenc on ‎11-13-2013 06:07 PM

Mobile Pwn2Own 2013 started out with a bang. HP’s Zero Day Initiative and competition co-sponsors Google and BlackBerry awarded $67,500 USD for the disclosure of multiple 0-day vulnerabilities and exploit techniques in the Safari browser and mobile applications. We are excited to bring Pwn2Own to Japan to see the breadth of research from across the world, including exploits that reveal techniques that can help internal security teams improve their mitigations.


As mobile technology advances, an abundance of new risks and vectors for security vulnerabilities is emerging. From the mobile browser to the baseband processor, this competition is designed to highlight researchers who are working to secure this area. We were lucky enough to have two teams, from China and Japan, demonstrate such risks on the first day.


In the mobile browser category, Keen Team, a group of security researchers from China, demonstrated two exploits on the iPhone 5 and won $27,500 USD. They first demonstrated an exploit against the Safari browser running on iOS 7.0.3, followed by another exploit on Safari running on iOS 6.1.4. These exploits allow a remote attacker to exfiltrate the cookie database and photos from Apple’s iPhone. More details on this exploit can be found here.


Japan’s very own Mitsui Bussan Secure Directions, Inc. demonstrated an exploit that leveraged vulnerabilities in several applications that are installed by default on the Samsung Galaxy S4. Combined, these bugs allow the silent installation of a malicious application and the theft of sensitive user data, including SMS messages, the contact list and web browsing history. This successful attack netted them $40,000 USD. More details on that exploit can be found here.


All of the vulnerabilities and exploit techniques used today have been disclosed to the affected vendors. We have a couple of researchers still actively developing exploit attempts and hopefully we will have more action tomorrow – check out for contest photos, videos and updates.

