bit-tech.net

Pwn2Own 2010 aims at smartphones

Pwn2Own 2010 aims at smartphones

Attendees at the CanSecWest 2010 conference will be offered prizes of $15,000 plus extras if they can successfully root one of a range of smartphones.

The famous Pwn2Own contest - which has long been a staple of the CanSecWest computer security conference - is set to up its game by offering prizes for hackers able to successfully exploit smartphones for the first time.

As reported over on The Register, the contest - sponsored by security outfit TippingPoint - is offering $15,000 plus the hacked device to keep for remote code execution attacks against popular smartphones which require "little to no user interaction."

The contest - which is putting aside $60,000 in prize money for the smartphone section - is looking for hackers capable of breaking into Apple's iPhone 3GS, RIM's BlackBerry Bold 9700, the Nokia E62 running Symbian, and the Motorola Droid running Google's Android.

In a blog post describing the rules for this year's Pwn2Own contest, TippingPoint's Aaron Portnoy claimed that "the increased presence and capabilities of smart phones has brought with it the same security issues and attention traditionally reserved for non hand-held platforms," - an opinion borne out by the increase in attacks on smartphones over the last year.

Interestingly, the allocation of $60,000 of the total $100,000 prize fund to smartphone exploits means that successful hackers will earn more for rooting an iPhone 3GS than for the more traditional browser exploit contest - earning $15,000 for the smartphone exploit but just $10,000 for the laptop exploit.

As usual, Pwn2Own will be a three day affair starting on the 24th of March in Vancouver, British Columbia - and is open only to those registered to attend the CanSecWest conference, which will set prospective hackers back nearly $2,000 plus travel and accommodation costs.

Do you think that TippingPoint is right to turn a spotlight onto the thorny issue of smartphone security, or will browser bugs in desktop machines always be the more important concern? Should the company open its contests up to more than just paying guests at its conferences? Share your thoughts over in the forums.

7 Comments

Discuss in the forums Reply
eddtox 17th February 2010, 11:28 Quote
I think as smartphone uptake increases, more and more malware will target phones. The sooner security holes are found and fixed in the most popular platforms, the better.
rickysio 17th February 2010, 11:49 Quote
E62?!?!

That's freaking ancient - I expected something like E72 or E52...
rickysio 17th February 2010, 11:52 Quote
Quote:
Originally Posted by bit-tech
The contest - which is putting aside $60,000 in prize money for the smartphone section - is looking for hackers capable of breaking into Apple's iPhone 3GS, RIM's BlackBerry Bold 9700, the Nokia E62 running Symbian, and the Motorola Droid running Google's Android.
Quote:
Originally Posted by the register
Now in its fourth year, the Pwn2Own competition will award $60,000 for exploits that successfully penetrate Apple's iPhone 3GS, Research in Motion's Blackberry Bold 9700, a Nokia device running the most recent version of Symbian and a Motorola phone running Google's Android. Each mobile attack that results in code execution "with little to no user-interaction" will fetch $15,000.

WAT?
Gareth Halfacree 17th February 2010, 13:59 Quote
Quote:
Originally Posted by rickysio
WAT?
To quote TippingPoint themselves: "A Nokia device running Symbian S60 (likely the E62)"
rickysio 17th February 2010, 14:52 Quote
Even if they manage to get in the E62, the test has lost all it's relevance. The other products are recent ones (all 2009~2010 products) while the E62 is from 2006...?

It's like they're telling Symbian :
http://i184.photobucket.com/albums/x34/rickysio/paper.jpg
ZERO <ibis> 17th February 2010, 18:31 Quote
Will everyone at the conference be banned from apple by apple?
eddtox 17th February 2010, 19:37 Quote
Quote:
Originally Posted by ZERO <ibis>
Will everyone at the conference be banned from apple by apple?

One can only hope :-D
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



Discuss in the forums