Except that so far in the contest, Google IS unbreachable. The only hack that got through on Android was through the Samsung Internet browser. None through Wi-Fi or baseband.

But then, I suppose it's not really as challenging to hack into Android as into iOS. Y'know, the thrill of proving Apple wrong on their claim about security etc :)

https://www.zerodayinitiative.com/blog/2017/10/31/welcome-to-mobile-pwn2own-2017-day-one

It's also worth mentioning that the only browser that *didn't* get hacked on the "desktop" pwn2own contest in March was Chrome.
5 vulnerabilities in Edge, 4 in Safari, 1 in Firefox, none in Chrome :)

https://www.cvedetails.com/vulnerab...24/product_id-15031/opec-1/Google-Chrome.html

So far in the first day of this particular contest, the Google Chrome browser has survived. Do you think this list above is the last list ever of Google Chrome vulnerabilities?
 
Now that iOS 11 automatically turns on your Wi-Fi and doesn't disable it if done through Control Center. Hopefully Apple reverts that horrible behaviour.
 
Easy. Just go through Falken's Maze!

LOL awesome loved this classical reference. Well done!!

Thank you for making me feel young again.

I think Austin is stating Samsung isn't Google. Samsung's internet browser has nothing to do with Google. Your entire quote was about Samsung, not Google.

Psst. Samsung still includes Google Browser in their devices. Not sure about the S8 but it’s possible this was used (Google Browser). Also if Google Browser was not used then Chrome was - again Google.

Does Samsung create their own internet browser, say for devices sold in China?
 
Psst. Sometimes it helps to read the source material. :) They specifically tested the Samsung Internet Browser. From my earlier post:
Browsers
In this category, contestants will target Google Chrome, Apple Safari, or the Samsung Internet Browser – and yes, Samsung’s web browser is just called Internet Browser.

Also I'm fairly familiar with the browsers available on Samsung phones. From another earlier post:
Yup. Chrome is the default browser on my S7, my wife's S8, and it's the browser of choice on both my daughter's iPhones (6 & 6S). They're getting iPhone 7 for XMas. Chrome's gonna be there too. Chrome travels so well across ecosystems.

TL;DR Different browsers. ;)
 
I find it funny how some people in this thread literally hate anything related to Google, just cause it isn't Apple related.
Lol you may need to compile all your posts into your first post so you don't have to keep correcting folks.
 

The problem with the source material is it was confusing. As you quoted the post earlier about Samsung’s Browser just called Internet Browser, that’s exactly what Google has baked into Android’s kernel - and you see this even on cloned iPhones as well. That naming causes confusion, along with trying to clarify it.

Browsers
In this category, contestants will target Google Chrome, Apple Safari, or the Samsung Internet Browser – and yes, Samsung’s web browser is just called Internet Browser.

My point is ... did the source properly qualify Samsung’s Browser as being made by Samsung or did they just launch the Browser in the Android app menu on the device? Did they post an About screen? That’s why I’m confused, an about screen shows who’s made the Browser.

Too often the general public will think Samsung is Android considering the popularity of their products.

Not all Android device manufacturers ship Google’s Android Internet Browser, yet many still do.

This site in early March this year states Samsung Internet is an app and it’s its own TouchWiz Browser.
https://android.gadgethacks.com/how...et-browser-almost-any-android-device-0176437/

Samsung’s site in the scrollable pics shows it’s some form of extension while the top of the site and the video therein states browser:
http://www.samsung.com/global/galaxy/apps/samsung-internet/

How can we be certain it’s not a heavy sort of skin atop Android’s core Internet Browser?

See the confusion? Samsung calls it Samsung Internet, not Internet Browser.

This site explains the Browser better in depth.

https://www.androidcentral.com/maybe-samsung-browser-isnt-so-bad-after-all?amp

If you’re referring to my post which was corrected, I don’t hate Google, an inanimate company. I was merely stating the confusion between their app and Samsung’s by the naming. See my reply just above.
 
I don't know why this is so difficult for you to understand. There's nothing wrong with your device and all these devices can be hacked.

You are kinda avoiding the discussion here that I did read with joy, which is a rare case in this forum anyway.
 
They tested the Samsung Internet Browser, the Google Chrome Browser, and the Apple Safari Browser. How likely do you think it is that:
  1. They have a contest to attack 3 specific browsers, but somehow pick the wrong one?
  2. Hackers at Pwn2Own don't know what browsers they are attacking?
  3. Pwn2Own would pay out cash for hacking the wrong browser?
None of that makes any sense. It's Pwn2Own. Are you unfamiliar with what that is?
 
Wonder if the WiFi issue was with WPA2? I know Apple patched their end of things, but there are literally millions of routers out there that are unpatched for KRACK attacks.

Doesn't mean a thing if the vulnerability is still in play on one side of the connection.
 
Now just think of what can be done on IoT devices that are un-updateable or don't have the hardware to implement basic security features. Now that's the scary part.
 

I doubt that they would give money to a hack that is publicly available.
 
I have two phones. One for work which needs to be locked and one for personal which if I could, I would own a Moto Razr and disconnect from a lot of the mobile distractions. I do have social networking accounts though I deleted them from my phone to be more responsible with my time. I only check them on the weekends or during breaks at work. My point was more to me not needing the 4 or 5 digit pass codes and fingerprint feature. I've gone years without it but lately it seems that everyone now has "vital" information on their phone that the neighbor is going to steal. I get Wi-Fi hacks and what not but I am referring to the daily tasks on my phone. Every single time I get a notification I have to unlock the phone. You can't set the lock time outside of immediately in settings anymore.

Uh, no it's not the equivalent. A person looking through my phone for digital assets such as a picture or a contact versus letting a person in my house for physical assets across a much broader spectrum are entirely different. Wi-Fi standards, digital currency, etc. I get it. But aside from your credit card info please tell me what your common everyday thief is going to steal from your phone that is of value? Your text messages, your music, take a selfie and post it to Facebook?

And as mentioned in another reply, "I have two phones. One for work which needs to be locked and one for personal which if I could, I would own a Moto Razr and disconnect from a lot of the mobile distractions. I do have social networking accounts though I deleted them from my phone to be more responsible with my time. I only check them on the weekends or during breaks at work. My point was more to me not needing the 4 or 5 digit pass codes and fingerprint feature. We've all gone years without it but lately it seems that everyone now has this vital information on their phone that the neighbor is going to steal. I get Wi-Fi hacks and what not but I am referring to the daily tasks on my phone."
Social engineering is an extremely popular and easy way to get into someone's financial or other records. Again, having your phone unlocked for the world is going to make that very easy. Just looking through your pictures, someone can deduce who your family is, your significant other, what you like to do, etc. You let them use your Facebook, not to post a selfie, but they can access your private messages between you and your contacts which again gives them an inside into your personal life.

You can do whatever you want with your device, but assuming you're not important enough to assume basic security measures is a slippery slope. I'm kind of in agreement with you about not being important enough myself, but nobody is asking you to invest money in enterprise security.

Here's a tip if you have a newer iPhone: in accessibility options you can enable "rest finger to open" which makes unlocking with fingerprint faster. Also you can train your phone even more after the initial setup of Touch ID if you find it isn't super accurate.
 

So you're saying Pwn2Own never makes a mistake that costs them money right?

source: https://scarybeastsecurity.blogspot.ca/2012/03/on-failings-of-pwn2own-2012.html
Bad actors will find loopholes and punk you

One of the stated -- and laudable -- goals of both Pwn2Own and Pwnium is to make users safer by getting bugs fixed. As recently noted by the EFF, there are some who are not interested in getting bugs fixed. At face value, it would seem to be counterproductive for these greyhat or blackhat parties to participate.

Enter VUPEN, who somehow managed to turn up and get the best of all worlds: $60k, tons of free publicity for their dubious business model and... minimal cost. To explore the minimal cost, let's look at one of the bugs they used: a Flash bug (not Chrome as widely reported), present in Flash 11.1 but already fixed in Flash 11.2. In other words, the bug they used already had a fixed lifetime. Using such a bug enabled them to collect a large prize whilst only handing over a doomed asset in return.

Although operating within the rules, their entry did not do much to advance user security and safety -- the bug fix was already in the pipeline to users. They did however punk $60k out of Pwn2Own and turned the whole contest into a VUPEN marketing spree.

Anything is likely; it's a hack-a-thon and security teams of any software may have already created a fix (even if yet to deliver it) or a bug takes much longer to fix. My point is:

Software was incorrectly named by pwn2own (or maybe by the person that posted the front page article) - plain and simple. Since you're correcting me I figured you'd have had the correct Samsung Browser name, Samsung Internet (not Samsung Browser) as I've shown with direct Samsung link above.
This causes confusion amongst those NOT in the community of programmers or hackers.

That is the point I'm making but you're coming at me as if I'm obtuse or don't know the difference between the words and names provided. I clearly stated my confusion, then after you corrected did some digging and found the naming of the software was the issue causing the confusion. You're missing that.
 



Trend Micro's annual Mobile Pwn2Own contest took place in Tokyo, Japan today at the PacSec security conference, and security researchers spent the day attempting to hack into the iPhone 7, the Samsung Galaxy S8, the Google Pixel, and the Huawei Mate 9 Pro in an effort to win prizes totaling more than $500,000.


Apple's iPhone 7, running iOS 11.1, the latest version of the iOS 11 operating system, was successfully breached twice by Tencent Keen Security Lab. The first hack targeted a Wi-Fi bug and won the team $110,000 and 11 Master of Pwn points, while the second hack targeted the Safari Browser and earned Tencent Keen Security Lab $45,000 and 12 Master of Pwn points.

Security researcher Richard Zhu was also able to leverage two bugs to exploit the Safari browser and escape the sandbox to successfully run code on the iPhone 7, earning him $25,000 and 10 Master of Pwn points.

Along with the iPhone 7, researchers were able to find exploits for the Samsung Galaxy S8 and the Huawei Mate 9 Pro, earning a total of $350,000.

Trend Micro hosts Pwn2Own in an effort to promote its Zero Day Initiative, designed to reward security researchers for disclosing major vulnerabilities to tech companies like Apple and Google.

Pwn2Own continues on through tomorrow, so additional exploits may be uncovered. Apple representatives have been known to attend Pwn2Own competitions in past years, and all vulnerabilities discovered are disclosed to Apple. The company then has 90 days to produce patches for all iOS-related bugs before they're publicly disclosed.

Article Link: Security Researchers Use Wi-Fi and Safari Exploits to Breach iPhone 7 at Annual Mobile Pwn2Own Contest


I went to the Pwn2Own site. Where did it say the Google Pixel was even targeted? I think MacRumors is in error, and causing quite a bit of confusion. (The Google bug fixes were for Chrome).
 
Yes, it does. That statement was what he was responding to. If you want to respond to his statements without the original context-- I would call that "dishonest."
No it doesn't. Google's "unbreachability" is immaterial to the conversation between me and Chuck. Our disagreement was regarding his attribution of Samsung's breach to Google, not whether Google was breachable. And that original post does not use Samsung is Google logic. It just said Google was unbreachable. But if you think you can somehow make the correlation between the original quote and Samsung's breach being caused by something wrong in Google's software thereby making Google breachable... by all means please do so.
 