Security Research
Showing results for 
Search instead for 
Do you mean 

Mobile Pwn2Own 2013 Yields Exploits in Safari, Samsung S4 applications

Brian_Gorenc on ‎11-13-2013 06:07 PM

Mobile Pwn2Own 2013 started out with a bang. HP’s Zero Day Initiative and competition co-sponsors Google and Blackberry awarded $67,500 USD for the disclosure of multiple 0-day vulnerabilities and exploit techniques in the Safari browser and mobile applications.  We are excited to bring Pwn2Own to Japan to see the breadth of research from across the world, including exploits which reveal techniques that can help internal security teams improve their mitigations. 


As mobile technology advances, an abundance of new risks and vectors for security vulnerabilities is emerging.  From mobile browser to baseband process, this competition is designed to highlight researchers that are working to secure this area. We were lucky enough to have two teams in the first day from China and Japan demonstrate such risks. 


In the mobile browser category, Keen Team, a group of security researchers from China, demonstrated two exploits on the iPhone 5 and won $27,500 USD. They first demonstrated an exploit against the Safari browser running on iOS 7.0.3, followed by another exploit on Safari running on iOS 6.1.4. These exploits allow a remote attacker to exfiltrate the cookie database and photos from Apple’s iPhone. More details on this exploit can be found here.


Japan’s very own Mitsui Bussan Secure Directions, Inc. demonstrated an exploit that leveraged vulnerabilities against several applications that are installed by default on the Samsung Galaxy S4. Combined, these bugs allow the silent installation of a malicious application and the theft of sensitive user data including SMS messages, contact list and web browsing history.  This successful attack netted them $40,000 USD. More details on that exploit can be found here.


All of the vulnerabilities and exploit techniques used today have been disclosed to the affected vendors.   We have a couple researchers still actively developing exploit attempts and hopefully we will have more action tomorrow – check out for contest photos, videos and updates.


0 Kudos
About the Author


27 Feb - 2 March 2017
Barcelona | Fira Gran Via
Mobile World Congress 2017
Hewlett Packard Enterprise at Mobile World Congress 2017, Barcelona | Fira Gran Via Location: Hall 3, Booth 3E11
Read more
Each Month in 2017
Software Expert Days - 2017
Join us online to talk directly with our Software experts during online Expert Days. Find information here about past, current, and upcoming Expert Da...
Read more
View all