Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Security Researchers Use Wi-Fi and Safari Exploits to Breach iPhone 7 at Annual Mobile Pwn2Own Contest

MacRumors

MacRumors

macrumors bot
Original poster
Apr 12, 2001
63,481
30,718



Trend Micro's annual Mobile Pwn2Own contest took place in Tokyo, Japan today at the PacSec security conference, and security researchers spent the day attempting to hack into the iPhone 7, the Samsung Galaxy S8, the Google Pixel, and the Huawei Mate 9 Pro in an effort to win prizes totaling more than $500,000.


Apple's iPhone 7, running iOS 11.1, the latest version of the iOS 11 operating system, was successfully breached twice by Tencent Keen Security Lab. The first hack targeted a Wi-Fi bug and won the team $110,000 and 11 Master of Pwn points, while the second hack targeted the Safari Browser and earned Tencent Keen Security Lab $45,000 and 12 Master of Pwn points.
They used a total of four bugs to gain code execution and escalate privileges to allow their rogue application to persist through a reboot. They earned $60,000 for the WiFi exploit and added $50,000 for the persistence bonus - a total of $110,000 and 11 Master of Pwn points.

Tencent Keen Security Lab was on the clock once more as they targeted the Safari Browser on the Apple iPhone 7. It took them just a few seconds to successfully demonstrate their exploit, which needed only two bugs - one in the browser and one in a system service to allow their rogue app to persist through a reboot. As the second finisher in the Browser category, they earned half of the cash award at $45,000, but still earned the full 13 Master of Pwn points.
Click to expand...
Security researcher Richard Zhu was also able to leverage two bugs to exploit the Safari browser and escape the sandbox to successfully run code on the iPhone 7, earning him $25,000 and 10 Master of Pwn points.

Along with the iPhone 7, researchers were able to find exploits for the Samsung Galaxy S8 and the Huawei Mate 9 Pro, earning a total of $350,000.

Trend Micro hosts Pwn2Own in an effort to promote its Zero Day Initiative, designed to reward security researchers for disclosing major vulnerabilities to tech companies like Apple and Google.

Pwn2Own continues on through tomorrow, so additional exploits may be uncovered. Apple representatives have been known to attend Pwn2Own competitions in past years, and all vulnerabilities discovered are disclosed to Apple. The company then has 90 days to produce patches for all iOS-related bugs before they're publicly disclosed.

Article Link: Security Researchers Use Wi-Fi and Safari Exploits to Breach iPhone 7 at Annual Mobile Pwn2Own Contest
 
Article Link
https://www.macrumors.com/2017/11/01/iphone-7-exploits-mobile-pwn2own-contest/
JohnnyApple$eed

JohnnyApple$eed

macrumors member
Feb 19, 2015
88
532
All this while I'm trying to turn off passcode and fingerprint unlock features on my phone as they are tiresome to me. I appreciate all of the security features and respect for privacy. But in reality, by not using Apple Pay or digital payments I have nothing to hide on my phone. Which is also why a $1,000 iPhone with a camera to take selfies has no appeal to me.
 
  • Like
Reactions: crjackson2134, kdarling and bernuli
chucker23n1

chucker23n1

macrumors G3
Dec 7, 2014
8,532
11,284
mi7chy said:
Good job Google for being unbreachable.
Click to expand...

Apple, Google, and Huawei all released last-minute patches in the middle of the night

[..]

Next up, 360 Security (@mj0011sec) also attempted to exploit the Samsung Internet Browser on the Samsung Galaxy S8. They succeeded in getting the browser to run their code, then leveraged a privilege escalation in a Samsung application to persist through a reboot. These two bugs earned them $70,000 and 11 points towards Master of Pwn.
Click to expand...
 
  • Like
Reactions: rudigern, Tubamajuba, InfoTime and 5 others
69Mustang

69Mustang

macrumors 604
Jan 7, 2014
7,895
15,043
In between a rock and a hard place
lkrupp said:
Exactly. If it’s that easy then why is the government so hell bent on getting back doors in these platforms?
Click to expand...
Well Krupp, if I keep pounding on your door screaming "Let me in, let me in" you tend to think your locks are pretty good. In fact you think your locks are so good you don't even realize I'm pounding on your door from the inside.:eek:

/re-orders tinfoil... using cash... in nickels, dimes, and pennies:oops:
 
  • Like
Reactions: MH01, Ntombi, Kopa and 4 others
J

joueboy

macrumors 68000
Jul 3, 2008
1,576
1,545
So iPhone 7 is not vulnerable before iOS 11? They probably wanted this to happen so people will be buying a more secure iPhone 8 and X. Maybe!
 
chucker23n1

chucker23n1

macrumors G3
Dec 7, 2014
8,532
11,284
69Mustang said:
Although you're 100% right, Chuck's post does highlight the power of the misconception that Android by Google is a monolithic OS. It also highlights the power of perception Samsung has over all of Android.
Click to expand...

I see nothing in that post to suggest that Google's code wasn't affected, and enough to suggest that it was, in fact, affected, namely the assertion that Google "released a last-minute patch in the middle of the night".

While it's possible that Samsung's browser, which surely is forked from Google's Chromium and/or heavily uses Google's Blink, uses outdated components that have long since been fixed upstream, or has issues that never existed upstream in the first place, clearly there were bugs on Google's end.
 
  • Like
Reactions: Gasu E. and bmot
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom