A
hacking contest paid out $117,500 in prizes this week for exploits
against handheld devices – and the biggest winner was “Pinkie Pie”, an
under-21 hacker who used drive-by attacks to take over a Samsung Galaxy
S4 and a Nexus 4, both of which run Android.
Ars Technica described Mobile Pwn2Own as “making sport out of serious
security bugs,” in its report, and said that Pinkie Pie’s hacks relied
on vulnerabilities in Google’s Chrome Browser.
Pinkie Pie’s hacks drew applause from the audience – using a
malicious site to compromise the devices, and then executing code on
both the Nexus 4 and Samsung Galaxy S4, according to The Register’s report.
Heather Goudey, a senior security content developer at HP, which sponsors the contest, wrote, “Within
minutes, we had witnessed a successful exploit on two different devices
and were ready to pay $50,000 USD for the privilege. Pinkie Pie
compromised Chrome on both a Nexus 4 and a Samsung Galaxy S4 just for
good measure.”
“The exploit took advantage of two vulnerabilities – an
integer overflow that affects Chrome and another Chrome vulnerability
that resulted in a full sandbox escape. The implications for this
vulnerability are the possibility of remote code execution on the
affected device.”
Cybercriminals are increasingly targeting Android devices, with malware detections rising in China and the West, according to a We Live Security report.
No comments:
Post a Comment