HP’s annual two-day Mobile Pwn2Own competition came to a close this afternoon, with a group of veteran security researchers and other competitors able to compromise several flagship smartphones across the top-three mobile operating systems: Android, iOS and Windows Phone. The devices that were exploited include the Samsung Galaxy S5, Nexus 5, iPhone 5s, Amazon Fire Phone and Nokia Lumia 1520.
The first day of the competition was highly successful, with five teams, five targeted devices and five successful attempts. A total of nine bugs were discovered and immediately disclosed to and confirmed by the Zero Day Initiative, in order for smartphone vendors to patch their mobile operating systems to close vulnerabilities that allow for things like the iOS 8 untethered jailbreak Pangu and malware attacks.
A team of South Korean competition veterans were able to come across a two-bug combination in iOS that compromised the iPhone 5s through the Safari browser. One of the bugs was able to execute a full Safari sandbox escape, making it possible for the security researchers to gain full control of the system. The security flaw was immediately disclosed to Apple by the Zero Day Initiative.
The second contest involved two successful attempts against compromising the Samsung Galaxy S5. The first vulnerability, which “used NFC as a vector trigger a deserialization issue in certain code specific to Samsung,” was discovered by Japan’s team MSBD on day one of the competition. Jon Butler of South Africa’s MWR InfoSecurity also hacked the Samsung Galaxy S5 with an NFC focus.
Later during the first day of competition, Adam Laurie from UK’s Aperture Labs stepped up his game with a two-bug exploit for the Nexus 5 that involves NFC capabilities. The security bug demonstrated a way for the Nexus 5 to force Bluetooth pairings between two smartphones, presenting a myriad of privacy and security issues if one of the users is a malicious attacker.
The first day was rounded off with a three-bug exploit targeting the Amazon Fire Phone’s web browser by the three-man MWR InfoSecurity team of Kyle Riley, Bernard Wagner, and Tyrone Erasmus. Amazon’s Fire Phone is based on the proprietary Fire OS operating system that is distributed as a fork of Android 4.2.2 Jelly Bean.
The second day of competition was not as successful, given that competitors were only able to obtain partial attacks on the Android and Windows Phone platforms. Competitor Nico Joly tackled the Lumia 1520 with an exploit aimed at the smartphone’s web browser, but was only able to exfiltrate the cookie database and could not break the sandbox to gain full access to the system.
Meanwhile, the final competitor of the second day and event altogether, Pwn2Own veteran Jüri Aedla, was able to present an exploit that involved utilizing Wi-Fi on his Nexus 5 running Android. As with Joly before him, however, Aedla was unable to elevate his system privileges higher than their original level. Afterwards, the event officially came to a close.
Mobile Pwn2Own is a recurring event that resumes at CanSecWest next spring.