Thursday 14 November 2013

Samsung Galaxy S4 and iPhone 5 zero-day exploits revealed at Pwn2Own 2013 Contest


At the information security conference PacSec 2013 in Tokyo, Apple’s Safari browser for the iPhone 5 and the Samsung Galaxy S4 were exploited by two teams of Japanese and Chinese white hat hackers.
In HP's Pwn2Own 2013 contest, Japanese squad Team MBSD, of Mitsui Bussan Secure Directions, won a $40,000 reward for a zero-day exploit against the Samsung Galaxy S4. The vulnerabilities allow an attacker to wholly compromise the device in several ways, such as using a drive-by download to install malware on the phone.


In order for the exploit to be successful, the group lured a user to a malicious website, gained system-level privileges and installed applications that allowed the team to gather information, including SMS messages, contacts and browsing history. They 

Another team of hackers, from Keen Cloud Tech in China, showed how to exploit a vulnerability in iOS version 7.0.3 to steal Facebook login credentials and a photo from a device running iOS 6.1.4. They won $27,500 in prize money. Keen Team is the first-ever Chinese winner of any Pwn2Own competition.

Both hacks require user interaction, but took no longer than five minutes to perform. Organisers from the HP Zero Day Initiative have informed Samsung and Apple about the zero-day flaws, and the two companies will be working to address them.
