Windows Phone Sandbox Holds Up at Mobile Pwn2Own

Researchers successfully took down Apple and Samsung mobile phones using NFC hacks during Mobile Pwn2Own, but were not able to complete compromise Windows Phone or Nexus 5 running Android.

The Mobile Pwn2Own hacking contest ended today as did the PacSec Applied Security Conference in Tokyo with hackers unable to gain complete control over a Windows Phone and the latest version of the Android mobile OS.

Contest sponsors HP said two competitors, Nico Joly and Juri Aedla, were able to defeat some of the protections on Windows and Android respectively, but could go no further.

Joly was the only one to take a crack at the Windows Phone, a Lumia 1520 according to HP’s Shannon Sabens. His mobile browser exploit was able to exfiltrate the cookie database, but he could not escape the Windows Phone sandbox.

Aedla, meanwhile, could not elevate his privileges on a Nexus 5 phone beyond the original level.

Sabens said HP’s Zero Day Initiative confirmed the partial exploits and disclosed the vulnerabilities in question to the respective vendors. Joly, a member of Team VUPEN, was a winner in March at the Pwn2Own contest in Vancouver held during the CanSecWest event. Aedla too competed at Pwn2Own, winning this spring with a successful Firefox exploit that earned him $50,000.

Competitors were much more successful yesterday on Day 1 with five entrants successfully exploiting five targets. Nine zero-day vulnerabilities were disclosed to the respective vendors, HP said.

South Korean researchers lokihardt@ASRT chained together a pair of vulnerabilities to topple an iPhone 5S via Safari, including a full Safari sandbox escape.

Two successful attacks were carried out against Android running on Samsung Galaxy S5. Team MBSD of Japan exploited the Samsung device via NFC, triggering a deserialization vulnerability in code specific to Samsung, HP said.

Jon Butler of MWR InfoSecurity also used NFC to beat the Samsung device, exploiting a logic error on the Galaxy S5.

Continuing the assault on NFC, or Near Field Communication, Adam Laurie of Aperture Labs chained together two vulnerabilities targeting NFC on the LG Nexus 5. His exploit forced a Bluetooth pairing between phones.

MWR also carried out the final successful exploit, which targeted Amazon’s Fire Phone.Kyle Riley, Bernard Wagner and Tyrone Erasmus chained three vulnerabilities to topple the Fire browser.

Suggested articles