Security Research
Showing results for 
Search instead for 
Do you mean 

Mobile Pwn2Own 2014: The day two recap

Shannon_Sabens on ‎11-12-2014 08:30 PM

The second and final day of the 2014 Mobile Pwn2Own competition drew two veteran security researchers targeting Windows Phone and Android. Both achieved partial pwnage, succeeding at controlling one aspect of their respective systems but unable to gain comprehensive control.

 

First, Nico Joly – who refined his competition entry on the very laptop he won at this spring’s Pwn2Own in Vancouver as part of the VUPEN team – was the sole competitor to take on Windows Phone (the Lumia 1520) this year, entering with an exploit aimed at the browser. He was successfully able to exfiltrate the cookie database; however, the sandbox held and he was unable to gain full control of the system.

 

Our second and final competitor, Jüri Aedla, is also a Pwn2Own veteran, most recently presenting a successful Firefox attack in Vancouver this spring. In Tokyo, he presented an approach utilizing wi-fi on his target system (a Nexus 5 running Android) However, he was unable to elevate his privileges further than their original level.

 

All exploits were, as always, confirmed by the Zero Day Initiative and immediately disclosed to the affected companies. We invite everyone to check back with the HPSR blog during the coming weeks for more information on individual exploits from throughout the contest. For now, though, the Pwn2Own test bench is closed; we look forward to seeing everyone at the spring Pwn2Own contest during CanSecWest in Vancouver. Safe travel!

 

Figure 1: Packing up after another terrific competition. Thanks again to all.

0 Kudos
About the Author

Shannon_Sabens

Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Labels
Events
Aug 29 - Sep 1
Boston, MA
HPE Big Data Conference 2016
Attend HPE’s Big Data Conference to learn from peers in every industry and hear from Big Data experts and thought leaders in an exciting, energy fille...
Read more
Sep 13-16
National Harbor, MD
HPE Protect 2016
Protect 2016 is our annual conference and is the place to meet the world’s top information security talent, discuss new products and share information...
Read more
View all