Hewlett-Packard has concluded its most recent edition of Pwn2Own hacking competition with Windows Phone 8.1 holding up remarkably well against attempts to hijack the system. Other smartphones like the iPhone 5S, Amazon Fire Phone, and Samsung Galaxy S5 all fell to the coordinated attacks from white hat hacker who later turned over details of the attacks to manufacturers.
Pwn2Own provides a prize pool of US$425,000 to participants, with US$150,000 going to the most advanced hack. The theme for this year appeared to be Near-Field Communications as three of the five successful attacks used the technology to break out of the mobile OS sandbox. Notably, all three NFC exploits were on Android devices; indicating that there are probably more exploits for NFC to be found.
Day two of the event saw the only two partially successful attempts to gain control of a mobile device. Jüri Aedla failed to fully exploit a WiFi based attack on a Nexus 5; while the only participant – Pwn2Own veteran Nico Joly – targeting Windows Phone (a Lumia 1520) only managed to retrieve cookies from the web browser but failed to break into the rest of the system.
The number of exploits that worked is somewhat worrying, especially considering that they centre around NFC technology that both Google and Apple are attempting to push as the next payment method. Fortunately, these particular vulnerabilities have been disclosed to the manufacturers who will hopefully take note. On the other hand, Windows Phone can definitely breathe a sigh of relief as it turns out hacking the device is not all that easy.
[Source: HP Blog 1, 2; Via: Ars Technica 1, 2]
