February 16, 2010, 10:25AM
CanSecWest Pwn2Own Hacker Contest Targets Smartphones
Comment 
The organizers of this year's CanSecWest Pwn2Own have painted a big bulls-eye on mobile devices, offering up an whopping $60,000 in prizes to entice hackers to exploit vulnerabilities on iPhones, Android, Nokia and BlackBerry smartphones.
At Pwn2Own 2010, which takes place in Vancouver on March 24, 2010, contest sponsors TippingPoint ZDI has set the booty at US$100,000 with two main technology targets -- smartphones and Web browsers/OS pairings.
Editor's Pick
According to ZDI's Aaron Portnoy, the big focus this year will be on vulnerabilities affecting mobile devices.
The second portion of Pwn2Own 2010 offers bounties for vulnerabilities affecting mobile phones. The increased presence and capabilities of smart phones has brought with it the same security issues and attention traditionally reserved for non hand-held platforms. Vulnerabilities in parsing media, dynamic web content, e-mail, and other client-side issues have been published in the past. Additionally, many of the communication protocols that mobile phones implement are the focus of a burgeoning field of security research (ex: Lackey, Langlois, Bailey).
Portnoy said that $60,000 of the total $100,000 cash prize pool is set aside for the mobile phone portion of the contest, with each target worth $15,000.
He said a successful hack on these targets must result in code execution with little to no user-interaction. The targets this year are:
- Apple iPhone 3GS
- RIM Blackberry Bold 9700
- A Nokia device running Symbian S60 (likely the E62)
- A Motorola phone running Android (likely the Droid)
Mobile phones were in play at last year's contest but there was little activity from hackers. Instead, the security researchers focused mainly on Web browsers, bringing down the three main browsers -- Internet Explorer, Firefox and Safari -- on the first day.
The remainding $40,000 will be assigned to targets this year that include the latest versions of Microsoft Internet Explorer, Mozilla Firefox, Google Chrome and Apple Safari.
The browsers will be paired with a fully patched operating system. On day one, Portnoy said the following targets will be in play:
- Microsoft Internet Explorer 8 on Windows 7
- Mozilla Firefox 3 on Windows 7
- Google Chrome 4 on Windows 7
- Apple Safari 4 on MacOS X Snow Leopard
On the second day, older OS versions will be added to the mix:
- Microsoft Internet Explorer 7 on Windows Vista
- Mozilla Firefox 3 on Windows Vista
- Google Chrome 4 on Windows Vista
- Apple Safari 4 on MacOS X Snow Leopard
The contest will be expanded on Day 3 to include even older OS/browser pairings:
- Mozilla Firefox 3 on Windows XP
- Google Chrome 4 on Windows XP
- Apple Safari 4 on MacOS X Snow Leopard
Commenting on this Article is closed.
Today's Most Popular
- Yahoo Includes Private Key in Source File For Axis Chrome Extension
- Researchers Unveil New Way to Trust Certificates
- FBI Warns Top Firms Of Anonymous Protest Hacks on May 25
- DNSChanger Lingers: 330k Systems Still Infected, 77,000 In The U.S.
- Defense Contractor Northrop Grumman Hiring For Offensive Cyber Ops
Most Commented Stories
-
Forget 'Brogrammers,' Women Have The Edge In DEFCON Social Engineering Contest (10)
-
Defense Contractor Northrop Grumman Hiring For Offensive Cyber Ops (14)
-
Facebook Cancellation Malware Disguised As Adobe Update Making Rounds (3)
-
HULK DDoS Tool Smash Web Server, Server Fall Down (4)
-
How to Break Google Chrome in Six Easy Steps (2)
Newsletter Sign-up
Take Our Poll
The Internet Crime Complaint Center recently warned of malware targeting travelers connecting to Wi-Fi. When traveling, do you
Connect to anything
21%
Only connect to password-protected, secure connections
39%
Only use websites with HTTPS
27%
I don’t pay attention to how I access the internet while traveling
13%
Total votes: 70
Follow Threatpost
 |  |  |  |
| Tumblr |
