On The Insider: Warren Sapp's Girlfriend's Allegations
BNET Business Network:
BNET
TechRepublic
ZDNet

February 11th, 2009

Pwn2Own hacker contest targets browsers, smart phones

Posted by Ryan Naraine @ 10:33 am

Categories: Adobe, Apple, Arbitrary Code Execution, Browsers, Data theft, Exploit code, Flash, Google, Hackers, Kernel-level Exploits, Patch Watch, Research, Vulnerability research, iPhone

Tags: Phone, Mobile, Smart Phone, Apple MacBook, Web Browser, Hacker, Hacking, Microsoft Windows, Security, Operating Systems

After two straight years of taking dead aim at Macbooks and Windows-powered machines, hackers at this year’s CanSecWest conference will have shiny new targets:  Web browsers and mobile phones.

According to CanSecWest organisers, there will be two separate Pwn2Own competitions this year — one pitting hackers against IE8, Firefox 3 and Safari and another targeting Google Android, Apple iPhone, Nokia Symbian and Windows Mobile.

[ SEE: 10 questions for MacBook hacker Dino Dai Zovi ]

On the browser side, the IE vs Firefox battle is sure to grab headlines although I’m not quite sure why Opera or Google’s Chrome was not included in the target list.

The rules of engagement are not yet available but it’s a safe bet that a successful attacker would have to exploit a zero-day vulnerability to gain full access to the target computer.

CanSecWest organizers plan to Sony VAIO P running Windows 7 as the platform for the contest.  The successful hacker gets to keep the machine.

[ SEE: Google Android vulnerable to drive-by browser exploit ]

The second contest — against mobile phone platforms — will be another closely watched affair.  Hackers have already successfully infiltrated the iPhone and Android platforms and there are known security problems in Symbian and Windows Mobile so we’re likely to see a lot of attention paid to this contest.

In 2007, New York-based security researcher Dino Dai Zovi teamed up with Shane Macaulay to hijack a MacBook Pro via a flaw in Apple’s QuickTime software.    A year later, hacker Charlie Miller needed just two minutes to exploit a Safari bug to win that contest.

Alex Sotirov also partnered with Macaulay in 2008 to exploit an Adobe Flash vulnerability on a Windows Vista box.  (Thanks to NonZealot for the correction).

* Image source: Channy Yun’s Flickr photostream (Creative Commons 2.0)

Ryan NaraineRyan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.


Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

  • Talkback
  • Most Recent of 34 Talkback(s)
Haha
"Pffft... I came here to snipe the morons writing articles, not the ones unable to read and understand them. "

You mean I'm not the only one that bored? Read the rest)
Posted by: Chrissd Posted on: 02/19/09 You are currently: a Guest | | Terms of Use
Big correction  NonZealot | 02/11/09
Corrected  Ryan NaraineZDNet Moderator | 02/11/09
I'm betting Vista will be owned in no time.  Intellihence | 02/12/09
Windows was patched BEFORE Conficker came out  NonZealot | 02/12/09
Was it only with Windows and not Linux?  joe.smetona@... | 02/13/09
The authors claimed it would work cross platform  rtk | 02/13/09
Yea  Chrissd | 02/19/09
Reason chrome and opera aren't included...  Spiritusindomit@... | 02/11/09
I think they should include Opera for two reasons...  MGP2 | 02/11/09
Thank you!  LiquidLearner | 02/11/09
complaint against MS isn't bundling  Mr_Dave | 02/12/09
Not quite..  Chrissd | 02/19/09
Hence why I don't use flash...  Spiritusindomit@... | 02/11/09
That's no way to live  fred@... | 02/11/09
Many of us  Linux User 147560 | 02/11/09
LOL!  Pembo | 02/12/09
Good one, Fred happy  hasta la Vista, bah-bie | 02/12/09
I guess you don't use...  msalzberg | 02/11/09
He/she is using Lynx (nt)  n0neXn0ne | 02/11/09
 Chrissd | 02/19/09
Fairly obvious; I wouldn't do smartphone banking at all.  HypnoToad | 02/11/09
RE: Pwn2Own hacker contest targets browsers, smart phones  Futurdreamz@... | 02/11/09
RE: Pwn2Own hacker contest targets browsers, smart phones  roberts_theodore@... | 02/12/09
"If you don't like America, then you can get out!"  Pembo | 02/12/09
i dont like america but im not going anywhere  davevanos | 02/13/09
Don't like America?  roberts_theodore@... | 02/13/09
You just don't understand...  Caggles | 02/13/09
Thanks for the example.  tenimotsu | 02/12/09
Haha  Chrissd | 02/19/09
About Spam...  joe.smetona@... | 02/13/09
fun grin  Chrissd | 02/19/09
What's next knife throwing?  BALTHOR | 02/12/09
RE: Pwn2Own hacker contest targets browsers, smart phones  phatkat | 02/12/09
RE: Pwn2Own hacker contest targets browsers, smart phones  Chrissd | 02/19/09

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement

Recent Entries

advertisement

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

SmartPlanet

Click Here