By Gregg Keizer
March 24, 2009
None of the five smartphones slated for attack at last week's PWN2OWN
hacking contest was compromised, a sign that security researchers have
yet to adapt to the limitations of mobile, said the company that put up
the prize money.
"With the mobile devices so limited on memory and processing power, a
lot of [researchers'] main exploit techniques are not able to work,"
said Terri Forslof, manager of security response at 3Com Inc.'s
TippingPoint unit, which sponsored the contest.
Although three of the four browsers that were targets at PWN2OWN quickly
fell to a pair of researchers -- netting one of contestants $5,000 and
the other $15,000 -- none of the smartphones was successfully exploited.
TippingPoint had offered $10,000 for each exploit of any of the phones,
which included Apple Inc.'s iPhone and the Research in Motion Ltd.'s
BlackBerry, as well as phones running the Windows Mobile, Symbian and
Android operating systems.
"Take, for example, [Charlie] Miller's Safari exploit," said Forslof,
referring to Miller's 10-second hack of a MacBook via an unpatched
Safari vulnerability that he'd known about for more than a year. "People
wondered why wouldn't it work on the iPhone, why didn't he go for the
$10,000?" she said. "The vulnerability is absolutely there, but it's a
lot tougher to exploit on the iPhone."
Best Selling Security Books and More!