The first day of the competition was highly successful, with five teams, five targeted devices and five successful attempts. A total of nine bugs were discovered and immediately disclosed to and confirmed by the Zero Day Initiative, in order for smartphone vendors to patch their mobile operating systems to close vulnerabilities that allow for things like the iOS 8 untethered jailbreak Pangu and malware attacks.
A team of South Korean competition veterans were able to come across a two-bug combination in iOS that compromised the iPhone 5s through the Safari browser. One of the bugs was able to execute a full Safari sandbox escape, making it possible for the security researchers to gain full control of the system. The security flaw was immediately disclosed to Apple by the Zero Day Initiative.
The second contest involved two successful attempts against compromising the Samsung Galaxy S5. The first vulnerability, which “used NFC as a vector trigger a deserialization issue in certain code specific to Samsung,” was discovered by Japan’s team MSBD on day one of the competition. Jon Butler of South Africa’s MWR InfoSecurity also hacked the Samsung Galaxy S5 with an NFC focus.
Later during the first day of competition, Adam Laurie from UK’s Aperture Labs stepped up his game with a two-bug exploit for the Nexus 5 that involves NFC capabilities. The security bug demonstrated a way for the Nexus 5 to force Bluetooth pairings between two smartphones, presenting a myriad of privacy and security issues if one of the users is a malicious attacker.
The second day of competition was not as successful, given that competitors were only able to obtain partial attacks on the Android and Windows Phone platforms. Competitor Nico Joly tackled the Lumia 1520 with an exploit aimed at the smartphone’s web browser, but was only able to exfiltrate the cookie database and could not break the sandbox to gain full access to the system.
Meanwhile, the final competitor of the second day and event altogether, Pwn2Own veteran Jüri Aedla, was able to present an exploit that involved utilizing Wi-Fi on his Nexus 5 running Android. As with Joly before him, however, Aedla was unable to elevate his system privileges higher than their original level. Afterwards, the event officially came to a close.
Mobile Pwn2Own is a recurring event that resumes at CanSecWest next spring.