[ISN] All five smartphones survive PWN2OWN hacker contest

[InfoSec News <alerts@xxxxxxxxxxxxxxx>]

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9130346

By Gregg Keizer
March 24, 2009 
Computerworld

None of the five smartphones slated for attack at last week's PWN2OWN 
hacking contest was compromised, a sign that security researchers have 
yet to adapt to the limitations of mobile, said the company that put up 
the prize money.

"With the mobile devices so limited on memory and processing power, a 
lot of [researchers'] main exploit techniques are not able to work," 
said Terri Forslof, manager of security response at 3Com Inc.'s 
TippingPoint unit, which sponsored the contest.

Although three of the four browsers that were targets at PWN2OWN quickly 
fell to a pair of researchers -- netting one of contestants $5,000 and 
the other $15,000 -- none of the smartphones was successfully exploited. 
TippingPoint had offered $10,000 for each exploit of any of the phones, 
which included Apple Inc.'s iPhone and the Research in Motion Ltd.'s 
BlackBerry, as well as phones running the Windows Mobile, Symbian and 
Android operating systems.

"Take, for example, [Charlie] Miller's Safari exploit," said Forslof, 
referring to Miller's 10-second hack of a MacBook via an unpatched 
Safari vulnerability that he'd known about for more than a year. "People 
wondered why wouldn't it work on the iPhone, why didn't he go for the 
$10,000?" she said. "The vulnerability is absolutely there, but it's a 
lot tougher to exploit on the iPhone."

[...]


_______________________________________________      
Best Selling Security Books and More!
http://www.shopinfosecnews.org/