It looks like both Apple and Samsung have some work to do in closing security holes on their devices.
After three exploits were found on the iPhone 7 yesterday during Zero Day Initiative's Pwn2Own competition, two more have been uncovered during today's second round in Japan. The Galaxy S8 was also hit twice, having been breached once the day before.
This time, some of the exploits were more intricate, with one even using a bug found during day one of the competition to again crack the iPhone 7.
Here are the results from day two:
- iPhone 7: 360 Security (@mj0011sec) targeted WiFi. Using three separate bugs - one used by a competitor the previous day - the team was able to exfiltrate data just by connecting the device to WiFi ($20,000).
- iPhone 7: 360 Security targeted Safari. Using bugs in the browser and system service, data was able to be exfiltrated ($25,000).
- Galaxy S8: MWR Labs targeted the browser. Using 11 different bugs – plus some “features” – code execution was achieved and sensitive data was retrieved. Starting in the browser, a bug was leveraged in Google Chrome and other Samsung apps to install an APK. The exploit also persisted through a reboot ($25,000).
- Galaxy S8: acez targeted baseband. Using a stack buffer overflow, a code execution was achieved allowing the writing of persistent data on the handset ($50,000).
- Huawei Mate 9 Pro: MWR Labs (@MWRLabs) targeted the web browser. Five different logic bugs were used to get code execution ($25,000).
One team withdrew from an attempt to breach the Galaxy S8's browser.
In all, $515,000 was awarded, and after points were tallied, Tencent Keen Security Lab took home the trophy and the coveted Master of Pwn jacket.
The competition exposed 32 different bugs and exploits that Apple, Samsung, and Huawei now have 90 days to fix. The Google Pixel was also available for attempts to crack, but none of the researchers made an attempt on the handset.
Source and image: Zero Day Initiative