The mobile Pwn2Own event was co-located last weekat the PacSec Conference in Tokyo and offers the promise of $300,000 in prize money to researchers who successfully demonstrate previously unknown mobile attacks and vulnerabilities. Brian Gorenc, manager of ZDI at HP Security Research, told eWEEK in a call from Japan that on Nov. 13, the first day of the competition, researchers from China and Japan were the first to successfully demonstrate their security prowess.
Team MBSD (Mitsui Bussan Secure Direction) from Japan was able to successfully exploit a fully patched, non-rooted Samsung Galaxy S 4 Android phone. The researchers didn’t exploit the phone with a single vulnerability; rather they were able to chain together a complex set of flaws across multiple applications that were installed by default on the Galaxy S 4, Gorenc said. The result was that by simply visiting an infected Website, the researchers were able to steal the user’s messaging logs, contacts, browsing history and other personally identifiable information.
Read the full story at eWeek:
Samsung Galaxy, Apple iOS Fall in Pwn2Own Hacking Contest
Sean Michael Kerner is a senior editor at InternetNews.com. Follow him on Twitter @TechJournalist.