The annual Mobile Pwn2Own contest has ended in Tokyo, with 11 bugs revealed in all.
Yesterday, bugs were revealed in the Apple iPhone 5S, Samsung Galaxy S5 and LG Nexus 5 and the Amazon Fire phone. The Galaxy S5 flaw in its Android OS was discovered by UK researcher Jon Butler from MWR Infosecurity which targeted a local error in WiFi connection over a short distance.
Ian Shaw, Group MD of MWR InfoSecurity, said MWR was proud to receive these awards.
“Our talented researchers span far and wide across the globe and they work extremely hard,” he said. “Entering competitions, such as Pwn2Own, are vitally important as it keeps us at the sharp edge of the industry.
“This work forms part of a wide-ranging programme of security research at MWR on a global scale and highlights the ongoing need for mobile developers and manufacturers to prioritise security, in order to keep customers safe.”
The MWR Labs research also identified additional vulnerabilities, which will first be reported to Samsung and Amazon in the coming weeks. It intends to publish advisories in due course for these vulnerabilities on its website website in accordance with its disclosure policy.
In today’s results, two bugs were found, again targeting Android WiFi over short distance, while another bug targeted the mobile web browser in Windows Phone where Nico Joly was successfully able to exfiltrate the cookie database but not full control of the system.
Organised by HP as part of its Zero Day Initiative, this is an annual contest that rewards security researchers for highlighting security vulnerabilities on mobile platforms. The contest helps to harden devices by finding vulnerabilities first, and sharing that research with mobile device and platform vendors.
HP and its sponsors (this year, the Google Android security team and Blackberry) are offering cash and prizes to researchers who successfully compromise selected mobile targets in particular categories.