Security Researchers Use Wi-Fi and Safari Exploits to Breach iPhone 7 at Annual Mobile Pwn2Own Contest

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Nov 1, 2017.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    Trend Micro's annual Mobile Pwn2Own contest took place in Tokyo, Japan today at the PacSec security conference, and security researchers spent the day attempting to hack into the iPhone 7, the Samsung Galaxy S8, the Google Pixel, and the Huawei Mate 9 Pro in an effort to win prizes totaling more than $500,000.


    Apple's iPhone 7, running iOS 11.1, the latest version of the iOS 11 operating system, was successfully breached twice by Tencent Keen Security Lab. The first hack targeted a Wi-Fi bug and won the team $110,000 and 11 Master of Pwn points, while the second hack targeted the Safari Browser and earned Tencent Keen Security Lab $45,000 and 12 Master of Pwn points.
    Security researcher Richard Zhu was also able to leverage two bugs to exploit the Safari browser and escape the sandbox to successfully run code on the iPhone 7, earning him $25,000 and 10 Master of Pwn points.

    Along with the iPhone 7, researchers were able to find exploits for the Samsung Galaxy S8 and the Huawei Mate 9 Pro, earning a total of $350,000.

    Trend Micro hosts Pwn2Own in an effort to promote its Zero Day Initiative, designed to reward security researchers for disclosing major vulnerabilities to tech companies like Apple and Google.

    Pwn2Own continues on through tomorrow, so additional exploits may be uncovered. Apple representatives have been known to attend Pwn2Own competitions in past years, and all vulnerabilities discovered are disclosed to Apple. The company then has 90 days to produce patches for all iOS-related bugs before they're publicly disclosed.

    Article Link: Security Researchers Use Wi-Fi and Safari Exploits to Breach iPhone 7 at Annual Mobile Pwn2Own Contest
     
  2. btrach144 macrumors 65816

    btrach144

    Joined:
    Aug 28, 2015
    #2
    Less than 24 hours with 11.1 and now this comes out :(
     
  3. Darryl.Jenks macrumors regular

    Darryl.Jenks

    Joined:
    Sep 29, 2014
    Location:
    Self-absorbed
  4. btrach144 macrumors 65816

    btrach144

    Joined:
    Aug 28, 2015
    #4
    This has nothing to do with FaceID or TouchID. Please remain relevant.
     
  5. SoApple macrumors regular

    Joined:
    Sep 21, 2012
    #5
    What an irrelavant and pointless comment.

    On a more relevant note. This exploit has been fixed in the new update.
     
  6. mi7chy macrumors 603

    mi7chy

    Joined:
    Oct 24, 2014
  7. lkrupp macrumors 6502a

    Joined:
    Jul 24, 2004
    #7
    Exactly. If it’s that easy then why is the government so hell bent on getting back doors in these platforms?
     
  8. Slix macrumors 6502a

    Slix

    Joined:
    Mar 24, 2010
    #8
    The real question is: Will their exploits they found affect my iPod touch running iOS 6.1.6?

    :p
     
  9. scrapesleon macrumors 6502a

    scrapesleon

    Joined:
    Mar 30, 2017
    Location:
    Jamaica
    #9
    Wow congratulations to the team on the win
    --- Post Merged, Nov 1, 2017 ---
    Haha why would they want to spoil the fun
     
  10. Darryl.Jenks macrumors regular

    Darryl.Jenks

    Joined:
    Sep 29, 2014
    Location:
    Self-absorbed
    #10
    Easy. Just go through Falken's Maze!
     
  11. JohnnyApple$eed macrumors member

    JohnnyApple$eed

    Joined:
    Feb 19, 2015
    #11
    All this while I'm trying to turn off passcode and fingerprint unlock features on my phone as they are tiresome to me. I appreciate all of the security features and respect for privacy. But in reality, by not using Apple Pay or digital payments I have nothing to hide on my phone. Which is also why a $1,000 iPhone with a camera to take selfies has no appeal to me.
     
  12. dannyyankou macrumors 604

    dannyyankou

    Joined:
    Mar 2, 2012
    Location:
    Scarsdale, NY
    #12
    These contests are great. They give good incentives to find security exploits, and they end up getting patched by Apple.
     
  13. chucker23n1 macrumors 68000

    chucker23n1

    Joined:
    Dec 7, 2014
    #13
     
  14. 69Mustang macrumors 603

    69Mustang

    Joined:
    Jan 7, 2014
    Location:
    In between a rock and a hard place
    #14
    Well Krupp, if I keep pounding on your door screaming "Let me in, let me in" you tend to think your locks are pretty good. In fact you think your locks are so good you don't even realize I'm pounding on your door from the inside.:eek:

    /re-orders tinfoil... using cash... in nickels, dimes, and pennies:oops:
     
  15. AustinIllini macrumors demi-goddess

    AustinIllini

    Joined:
    Oct 20, 2011
    Location:
    Austin, TX
  16. joueboy macrumors 65816

    Joined:
    Jul 3, 2008
    #16
    So iPhone 7 is not vulnerable before iOS 11? They probably wanted this to happen so people will be buying a more secure iPhone 8 and X. Maybe!
     
  17. Aloft085 macrumors regular

    Joined:
    Sep 26, 2014
    #17
    No need, the FBI is the joke.
     
  18. AustinIllini macrumors demi-goddess

    AustinIllini

    Joined:
    Oct 20, 2011
    Location:
    Austin, TX
    #18
    That's not how this works at all.
     
  19. WatchFromAfar macrumors 65816

    WatchFromAfar

    Joined:
    Jan 26, 2017
    #19
    Has it? the post says "Apple's iPhone 7, running iOS 11.1, the latest version of the iOS 11 operating system" which came out yesterday.
     
  20. chucker23n1 macrumors 68000

    chucker23n1

    Joined:
    Dec 7, 2014
    #20
    Google releasing a "last-minute patch in the middle of the night" isn't Google?
     
  21. 69Mustang macrumors 603

    69Mustang

    Joined:
    Jan 7, 2014
    Location:
    In between a rock and a hard place
    #21
    Although you're 100% right, Chuck's post does highlight the power of the misconception that Android by Google is a monolithic OS. It also highlights the power of perception Samsung has over all of Android.
     
  22. thadoggfather macrumors G4

    thadoggfather

    Joined:
    Oct 1, 2007
  23. 69Mustang macrumors 603

    69Mustang

    Joined:
    Jan 7, 2014
    Location:
    In between a rock and a hard place
    #23
    I think Austin is stating Samsung isn't Google. Samsung's internet browser has nothing to do with Google. You're entire quote was about Samsung, not Google.
     
  24. chucker23n1 macrumors 68000

    chucker23n1

    Joined:
    Dec 7, 2014
    #24
    I see nothing in that post to suggest that Google's code wasn't affected, and enough to suggest that it was, in fact, affected, namely the assertion that Google "released a last-minute patch in the middle of the night".

    While it's possible that Samsung's browser, which surely is forked from Google's Chromium and/or heavily uses Google's Blink, uses outdated components that have long since been fixed upstream, or has issues that never existed upstream in the first place, clearly there were bugs on Google's end.
     
  25. AustinIllini macrumors demi-goddess

    AustinIllini

    Joined:
    Oct 20, 2011
    Location:
    Austin, TX
    #25
    You messed up. We understand. Google can patch all they want, Samsung is not google. Your quote is about Samsung.
     

Share This Page