Security Research
Showing results for 
Search instead for 
Do you mean 

Mobile Pwn2Own 2014: The day two recap

Shannon_Sabens on ‎11-12-2014 08:30 PM

The second and final day of the 2014 Mobile Pwn2Own competition drew two veteran security researchers targeting Windows Phone and Android. Both achieved partial pwnage, succeeding at controlling one aspect of their respective systems but unable to gain comprehensive control.

 

First, Nico Joly – who refined his competition entry on the very laptop he won at this spring’s Pwn2Own in Vancouver as part of the VUPEN team – was the sole competitor to take on Windows Phone (the Lumia 1520) this year, entering with an exploit aimed at the browser. He was successfully able to exfiltrate the cookie database; however, the sandbox held and he was unable to gain full control of the system.

 

Our second and final competitor, Jüri Aedla, is also a Pwn2Own veteran, most recently presenting a successful Firefox attack in Vancouver this spring. In Tokyo, he presented an approach utilizing wi-fi on his target system (a Nexus 5 running Android) However, he was unable to elevate his privileges further than their original level.

 

All exploits were, as always, confirmed by the Zero Day Initiative and immediately disclosed to the affected companies. We invite everyone to check back with the HPSR blog during the coming weeks for more information on individual exploits from throughout the contest. For now, though, the Pwn2Own test bench is closed; we look forward to seeing everyone at the spring Pwn2Own contest during CanSecWest in Vancouver. Safe travel!

 

Figure 1: Packing up after another terrific competition. Thanks again to all.

0 Kudos
About the Author

Shannon_Sabens

Labels
Events
Each Month in 2016
Online
Software Expert Days - 2016
Join us online to talk directly with our Software experts during online Expert Days. Find information here about past, current, and upcoming Expert Da...
Read more
Sep 30
Seattle, WA
OpenStack Days Seattle
OpenStack Days Seattle, September 30, is the largest gathering of OpenStack users and prospective users in the Pacific Northwest region.
Read more
View all