Although the Tame Apple Press makes much of the security features of the iPhone, it is still the easiest phone to hack.
The Mobile Pwn2Own competition that took place alongside the PacSec Applied Security Conference in Tokyo on November 12-13 has a long tradition of knocking over the latest smartphones and always finds Apple smartphones the easiest.
If you believe the Tame Apple Press, the iPhone with its sandbox technology was supposed to be super-secure. However it turns out that the iPhone continues to be a doddle. In fact, it has become traditional for the first day of the competition for Apple to be shown up.
In this case, members of the South Korean team lokihardt@ASRT “pwned” the device by using a combination of two vulnerabilities. They attacked the iPhone 5s via the Safari Web browser and achieved a full sandbox escape.
The competition, organised by HP’s Zero Day Initiative (ZDI) and sponsored by BlackBerry and the Google Android Security team, targeted the Amazon Fire Phone, iPhone 5s, iPad Mini, BlackBerry Z30, Google Nexus 5 and Nexus 7, Nokia Lumia 1520, and Samsung Galaxy S5.
Later in the day, Team MBSD from Japan hacked Samsung’s Galaxy S5 by using a near-field communications (NFC) attack that triggered a deserialisation problem in certain code specific to Samsung. Jon Butler of South Africa’s MWR InfoSecurity also managed to break the Galaxy S5 via NFC.
Adam Laurie from Aperture Labs hacked an LG Nexus 5 using NFC. This was an interesting hack because it used a two-bug exploit targeting NFC capabilities on the LG Nexus 5 (a Google-supported device) to force BlueTooth pairing between phones. This was a plot point on the telly show ‘Person of Interest’.
Kyle Riley, Bernard Wagner, and Tyrone Erasmus of MWR InfoSecurity used a combination of three vulnerabilities to break the Web browser on the Amazon Fire Phone.
Microsoft’s Nokia Lumia 1520 came out of the competition quite well with contestants only managing partial hacks. Nico Joly, managed to exfiltrate the cookie database, but the sandbox prevented him from taking complete control of the system.
Jüri Aedla of Estonia used a Wi-Fi attack against a Nexus 5, but failed to elevate his privileges, HP said.