Hewlett Packard recently organized its yearly Pwn2Own contest, where they reward security researchers for the discovery of security problems and possible exploits on mobile operating systems and platforms.
Nico Joly from VUPEN Security was able to read out the cookie database on a Lumia 1520, but fortunately he failed to gain full control of the operating system because, according to HP, the sandbox of Internet Explorer withstood the attack.
In contrast to the quite positive result for Windows Phone, there are bad news for Android and iOS Users:
Adam Laurie from Aperture Labs succeeded with his attack based on an exploit of two NFC-related bugs on a Google Nexus 5: according to a blog entry, he was able to force bluetooth pairing between two devices. Do you remember the TV show “Person of Interest”? 😉
Neither the Samsung Galaxy S5 nor the poorly-selling Amazon Fire Phone did withstand the attacks from other security researchers.
If you think Android is insecure, you’ll laugh if I’ll tell you that South Corean experts were able to execute a full Safari sandbox escape on an iPhone 5S – this means you’d be able to run any kind of malicious code.
But don’t panic: as already practiced the years ago, all exploits are immediately disclosed to the affected companies, so you might see patches soon.
What do you think about mobile device security, especially when it comes to enterprise use? Please feel free to comment below.