Posted by: devnullius
« on: 13. November 2014., 14:49:56 »SOURCE: Dutch article http://webwereld.nl/beveiliging/84480-smartphones-in-30-minuten-gehackt-via-nfc?utm_source=+SIM&utm_medium=email&utm_campaign=20141113-15%3A10%3A02_webwereld_daily_cron&utm_content=&utm_term=_10927
English one about the subject, FROM: http://www.forbes.com/sites/thomasbrewster/2014/11/13/amazon-fire-iphone-nexus-5-samsung-s5-vulnerable-mobile-pwn2own/
Amazon Fire Phone, iPhone, Nexus 5, Samsung S5 All Popped At Mobile Pwn2Own
A slew of the world’s most popular smartphones have been prized open at the Mobile Pwn2Own hacking contest in Tokyo, Japan this week. Hosted by the HP Zero Day Initiative, the competition offered up big cash prizes for those who could successfully show off their exploits and a handful whitehats managed to break security protections on the Amazon Fire Phone, iPhone 5S, LG Nexus 5 and the Samsung S5.
Pro hackers from British firm MWR InfoSecurity walked away with two awards, demonstrating security flaws in both the Samsung Galaxy S5 and Amazon Fire Phone, taking control of the devices via the latter’s web browser and the former’s Near Field Communication (NFC) service. They were handed a total of $125,000. The MWR Labs team said in an email it had also identified additional vulnerabilities and all will be reported to Samsung and Amazon in the coming weeks.
Google Nexus 5
Google Nexus 5
Japan’s Team MBSD also abused NFC in the Samsung, whilst Adam Laurie from the UK’s Aperture Labs carried out an NFC exploit but on the Google-backed LG Nexus 5, forcing the BlueTooth to pair with another phone.
South Korean “competition veterans” lokihardt@ASRT were able to exploit vulnerabilities in the Apple Safari browser and subsequently took control of an iPhone S5. In one case, they were able to escape the Safari sandbox – the software designed to prevent code running in the browser from running in other sections of the phone.
Microsoft will be pleased to hear their Windows Phone OS kept out VUPEN researcher Nico Joly, who couldn’t pop a Lumia 1520 despite getting at the cookie database on the device.
All vulnerabilities were kept under wraps and reported to the relevant vendors. We’ll soon learn who is quickest to patch amongst the world’s biggest phone manufacturers.
English one about the subject, FROM: http://www.forbes.com/sites/thomasbrewster/2014/11/13/amazon-fire-iphone-nexus-5-samsung-s5-vulnerable-mobile-pwn2own/
Amazon Fire Phone, iPhone, Nexus 5, Samsung S5 All Popped At Mobile Pwn2Own
A slew of the world’s most popular smartphones have been prized open at the Mobile Pwn2Own hacking contest in Tokyo, Japan this week. Hosted by the HP Zero Day Initiative, the competition offered up big cash prizes for those who could successfully show off their exploits and a handful whitehats managed to break security protections on the Amazon Fire Phone, iPhone 5S, LG Nexus 5 and the Samsung S5.
Pro hackers from British firm MWR InfoSecurity walked away with two awards, demonstrating security flaws in both the Samsung Galaxy S5 and Amazon Fire Phone, taking control of the devices via the latter’s web browser and the former’s Near Field Communication (NFC) service. They were handed a total of $125,000. The MWR Labs team said in an email it had also identified additional vulnerabilities and all will be reported to Samsung and Amazon in the coming weeks.
Google Nexus 5
Google Nexus 5
Japan’s Team MBSD also abused NFC in the Samsung, whilst Adam Laurie from the UK’s Aperture Labs carried out an NFC exploit but on the Google-backed LG Nexus 5, forcing the BlueTooth to pair with another phone.
South Korean “competition veterans” lokihardt@ASRT were able to exploit vulnerabilities in the Apple Safari browser and subsequently took control of an iPhone S5. In one case, they were able to escape the Safari sandbox – the software designed to prevent code running in the browser from running in other sections of the phone.
Microsoft will be pleased to hear their Windows Phone OS kept out VUPEN researcher Nico Joly, who couldn’t pop a Lumia 1520 despite getting at the cookie database on the device.
All vulnerabilities were kept under wraps and reported to the relevant vendors. We’ll soon learn who is quickest to patch amongst the world’s biggest phone manufacturers.