Smartphones from Apple and Research in Motion were the latest devices to take a beating at an annual hacker contest that has come to expose the inherent weaknesses of internet communication. Apple's iPhone 4 was brought down by a drive-by attack that exploited a heap overflow in code related to the handset's Safari browser. It …
Under contest rules, software versions were locked two weeks ago
So when did Google patch Jon Oberheide's vuln? Since it was only last week that the issue surfaced in the media...
He could be double doh'd if his vuln is still in the contest version.
His vulnerability only affects anything running before 2.3 so it wouldn't work on the Galaxy S anyway.
Big winners here: Android and Firefox!
In what way are they winners?
Just because 'droid and FF weren't attacked, I don't see them being winners. We didn't learn anything about their vulnerability to attack because the people lined up have not stated why they withdrew.
It could be that their exploit was patched, but it could be for any number of other reasons including agreements with third parties to not disclose the hack - also for any number of reasons.
Why not Firefox or Android?
Seems odd that no-one wanted to try their hand at either of the two open source platforms.
Was it because :
Having the source code made it too easy?
Having the source code made obvious it would be too hard?
Or just that no-one could be bothered?
"....compared their task........to finding their way through a labyrinth in the pitch dark..."
So Theseus was the world's first hacker then?
How about a real tough one: RSA 4.096 bit with AES 256
Anyone cracking this baby will really be popular with the U.S. Federal Government as they hang a hell of a lot of stuff on this.
Worth a damn sight more than USD$15.000!
the big fear
The big fear is that these vulns are now worth a lot more than 10 or 15k to the right people (Chinese, Israel, Russian mob, etc). Perhaps this is why we see only the low hanging fruit (honestly with IE how hard is it to find one of dozens of vulns) compromised.
Perfect description of a BlackBerry
“It's a system that no one knows anything about. Basically, it crashes or it doesn't crash, or it takes a very long time to respond. Those are the three options. So you have to (move) very slowly, one step at a time.”
Adding the WebKit browser to the BB OS actually made it *less* secure?
Geeze, looks like RIM is trading security for "shiny!" now. :(
What's in a hack?
Really, getting a message past a spam filter to trick a user into going to a custom crafted website just to gain access to the contact list? It can't gain admin access, it can't install remote code, it can't be remotely controlled to do anything, it can't access e-mail or the user local file system where data of VALUE is; these hacks are just pointing out exploits but even these top hackers and teams of hackers can't use an automated tool to remotely breach actual device security.
Who cares if my contact list gets siphoned off... It's e-mail addresses, physical addresses, names and numbers. 99% of that is already floating around out there anyway (much of it and more in PUBLIC record). If you're storing account numbers and passwords and such in your contacts, or sending them through unsecured SMS, you're already a moron.
When they can have a bot install remote code and key-log the iPhone's virtual keyboard, or access the files in local storage, we'll call them winners.
I applaud the effort for finding these vulnerabilities, even more so that it's done with specific intent to provide the manufacturers time to fix them, and with this contest and ones like it to continue, but let's not let the press blow things out of proportion here... It's far easier to get a virus into an Android device simply by uploading it through the marketplace than it is to steal some names and numbers here through actual hacking and trickery... The encrypted parts of the iPhone have NEVER ONCE been breached, permission escalation has never been achieved, and remote code installation equally so. The only real "hack" of these things ever shown was either given PHYSICAL access to it, or used a loophole in a jailbreak that left SSH Server running with a default published root password (oops).
Read it again, please.
"Willem Pinckaers, a researcher with security firm Matasano, and independent researcher Vincenzo Iozzo were able to steal a complete contact list and cache of pictures stored on the device and write a file to its storage system."
Be mighty interesting if a spear-phishing expedition managed to do this to the personal phone of a highly placed executive, wouldn't it? Perhaps get some interesting pictures of the missus? On the business end, a list of business contacts would be of prime interest to competitors. It shows who your suppliers are, who your customers are, and who may be more than just that. Plant some child porn on the phone perhaps, get them banged up for a few years on an anonymous tip?
The goal of the contest was to prove that it was possible to break past the security. You are talking about weaponizing the exploit, which is beyond the scope of this contest. No, the sky is not falling. The Emperor does have clothes on. But the draft suggests they may be a hospital gown.
chain together jailbreakme.com ... ?
I'm sure if the writer of jailbreakme.com had put their mind to it for iOS 4.0, they could have pwned any of those devices that used the site to execute jailbreaks and then nav the filesystem to get whatever they wanted.