Pwn2Own: Hackers discover vulnerabilities on iPhone X, Galaxy S9 and Xiaomi Mi6



[ad_1]


Piracy of competitions can be a lucrative source of income for security professionals. Hackers Richard Zhu and Amat Cama, who cooperate under the pseudonym "Fluoroacetate", have just won a generous prize at the Pwn2Own event in Tokyo with an interesting hack.

The programmers had discovered a vulnerability in the Apple Safari browser, which allowed them to illegally copy data from a foreign iPhone via Wi-Fi. In his example, it was an already deleted photo by the user. This was possible, among other things, because the photos deleted when deleting in iOS only in a sort of wastebasket and only after a few weeks actually deleted.

The fact that the two hackers just copied a photo, but had a very pragmatic reason: it was just the first file that they had found on the foreign iPhone. Theoretically, they could also have access to other files. Two other attempts to find and exploit vulnerabilities in iPhones during the contest failed.

Samsung Galaxy S9 and Xiaomi Mi6 also reveal shortcomings

With other tips, hackers have managed to overcome the security measures of other smartphones. Richard Zhu and Amat Cama manage to execute malicious code on a Samsung Galaxy S9. In addition, a Xiaomi Mi6 controlled both hackers on the NFC interface and forced the phone to open the browser and call a particular website.

Overall, hackers were able to find and exploit various vulnerabilities in various smartphones during the competition. The most powerful blow was the Xiaomi Mi6, which managed five attacks. In accordance with the rules of competition, manufacturers have been informed of the vulnerabilities and will work to close them with an update.

For the "Fluoroacetate" hacker duo, participation in the contest was worth it. Thanks to their demonstrations, they not only obtained the general title and the title "Master of Pwn", but also received a cash prize of $ 215,000.

[ad_2]
Source link