Chinese hackers win Mobile Pwn2Own with Safari exploit in iOS 6 and 7


HP recently hosted a mobile-focused version of the popular Pwn2Own contest. Competing teams went up against iOS and Android, with both platforms succumbing to these savvy groups of hackers. The Keen Team from China targeted iOS in its exploit and became the first ever winning team from the Asian country.

The Keen team was able to use a vulnerability in mobile Safari that allowed them to capture the Facebook credentials of the iPhone user. This hole was present in iOS 7.0.3. A second exploit demonstrated by this team targeted Safari on a device running iOS 6.1.4. Using this vulnerability, the tram was able to steal photos from the device. For their work, the Keen Team was awarded $27,500.

The takeaway from this and similar contests is that given enough incentive, it’s increasingly likely a hacker will be able to access your mobile device and steal some of the personal information stored within.

[Via Ars Technica]