iPhone 4 and Blackberry Torch hacked at Pwn2Own

Researchers highlight the fallibility of the two hugely popular phones in the Pwn2Own contest.

iPhone 4

Apple's iPhone 4 and the BlackBerry Torch 9800 were successfully hacked at the Pwn2Own contest.

This week has already seen researchers rewarded for their hacks on the Safari and Internet Explorer browsers, but yesterday, it was the turn of smartphones.

Well-known researcher Charlie Miller managed to take down the iPhone 4, whilst a team consisting of Willem Pinckaers, Vincenzo Iozzo and Ralf-Philipp Weinmann hacked the BlackBerry device.

For each hack, the winners received $15,000 (9,345).

Advertisement - Article continues below
Advertisement - Article continues below

Miller used an exploit to run arbitrary code on the iPhone after visiting a specific website on the hugely popular Apple device. The flaw has now been patched with the iOS 4.3 release, which was issued this week, ahead.

It is the fourth year in a row Miller had won a contest at Pwn2Own.

The BlackBerry hackers had to get around a range of issues, largely because no debugger was available for the BlackBerry's current browser, Kaspersky Labs' Threatpost reported. Indeed, the team had little documentation to go on whatsoever.

"It was all trial and error. We didn't have a debugger, so it crashes or it doesn't crash or it takes a long time to respond. Those are the three options," Pinckaers said.

"We had to figure out the memory map from small little pieces."

More mobile threats

Advertisement - Article continues below

Pwn2Own has highlighted the kinds of vulnerabilities hackers are seeking to exploit at a time when mobile security has come under increasing scrutiny.

A number of researchers have now picked up on a malicious version of a Google mobile security tool.

The genuine tool, designed to remove applications infected with the Droid Dream malware, was only released in the last week.

The Trojanised version does not appear on the official Android Market, but can be found on third-party app stores.

Advertisement - Article continues below

Symantec found the apps could be used to change access point name settings on devices, although the developers did not create a flawless piece of malicious kit.

"Our overall analysis of this threat has shown it to be a potentially worrying threat," Symantec researcher Mario Ballano said in a blog post.

Advertisement - Article continues below

"However, the threat's perpetrators have failed to fully implement all of the functionality within the infected applications, thereby lessening its potential impact as a threat."

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now


Business strategy

Apple launches new TV, gaming and finance services

25 Mar 2019

Apple MacBook Pro 16in review: A little bigger, a lot better

10 Jan 2020

Best smartphone 2019: Apple, Samsung and OnePlus duke it out

24 Dec 2019

The IT Pro Products of the Year 2019: All the year’s best hardware

24 Dec 2019

Most Popular

operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
data breaches

Misconfigured security command exposes 250 million Microsoft customer records

23 Jan 2020
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020

Windows 10 and the tools for agile working

20 Jan 2020