World’s finest hackers are trying to break into the most widely-used mobile phones on the planet this week, as part of thePwn2Own contest run by Trend Micro’s Zero Day Initiative (ZDI) in Japan. Despite the improved security of the devices, one famous Chinese crew, Keen Lab, has successfully compromised both Apple’s iPhone and Google’s Nexus.
The iPhone 6S attack saw Tencent-owned Keen Lab chain two iOS vulnerabilities to steal pictures from the Apple device. They were awarded $52,500 for that hack. They also managed to install a rogue application on the iPhone 6S, but the app wouldn’t survive a reboot thanks to a default configuration setting that prevented persistence. Despite that, ZDI bought the bugs used in the hack for $60,000.
Even with last minute update of 10.1 which made us work overnight, we success finally @Cloudlldb @fuyubin1993 @marcograss @chenliang0817 pic.twitter.com/zUtSZswDbx — KEENLAB (@keen_lab) October 26, 2016
Even with last minute update of 10.1 which made us work overnight, we success finally @Cloudlldb @fuyubin1993 @marcograss @chenliang0817 pic.twitter.com/zUtSZswDbx
— KEENLAB (@keen_lab) October 26, 2016
As for the Nexus 6P, the Keen collective managed to install a malicious app on the Google device, repeating the attack three times to receive a whopping $102,500. Again, Keen combined two different bugs, alongside other unspecified weaknesses in Android.
Talking about Keen’s research, ZDI chief Brian Gorenc said: “These are critical in nature as they allow an attacker to disclose sensitive information or install a malicious application. We’ve seen similar exploits recently used in the wild.
