Windows Phone security sandbox survived Mobile Pwn2Own, but researchers popped iPhone 5S, Galaxy S5, Nexus 5 and Amazon's Fire Phone.

While no smartphone targeted by security researchers during 2014 Mobile Pwn2Own came out completely unscathed, the hackers were unable to gain total control over a Windows phone and an Android phone. The partial pwnage of a Lumia 1520 and a Nexus 5 could be regarded as a victory if you are an optimist, or as a defeat if you are a pessimist.

Researchers were competing for $425,000 in prizes by exploiting a previously unknown vulnerability in any of the following targets: Amazon Fire Phone, Apple iPhone 5s, Apple iPad Mini with Retina Display, BlackBerry Z30, Google Nexus 5, Google Nexus 7, Nokia Lumia 1520 and Samsung Galaxy S5. On the first day of competition, hackers popped iPhone 5S, Samsung Galaxy S5, LG Nexus 5 and Amazon Fire Phone.

On the second day of the HP Zero Day Initiative Mobile Pwn2Own competition in Tokyo, VUPEN’s Nico Joly was the only researcher to take on Windows Phone. After targeting the mobile web browser in a Lumia 1520, he successfully exfiltrated the cookie database; “however, the sandbox held and he was unable to gain full control of the system.”

In the past, experts have claimed that Windows Phones have “baked-in cybersecurity goodness;” yet that hasn’t been enough incentive for more people to make the switch to a Windows Phone. Last year, the global market outlook for Windows mobile OS was dismal. Although Windows Phone may not be among the most popular in the U.S., Statista reported that in India, “Windows Phone is more popular than Apple’s iOS.” Statista predicts the Windows Phone OS will have only a 10.2% global market share by 2017. It remains to be seen if security-minded individuals will consider the Mobile Pwn2Own a “win” for Windows Phone, or blow it off as being targeted by only one hacker because the phone isn’t popular enough to warrant more attention.

Also on the second day of the Mobile Pwn2Own competition, Jüri Aedla attempted to exploit a Nexus 5 running Android via Wi-Fi; although he was unable to elevate privileges further than their original level, Mobile Pwn2Own counted his attack as a “partial pwn.”

ZDNet’s Violet Blue added, “Blackberry took the top spot for being unhackable,” but that was perhaps after a nudge from a BlackBerry PR person. HP ZDI doesn’t mention BlackBerry being targeted at all. Since security researchers didn’t even attempt to crack into the phones, Apple’s iPad Mini and the Nexus 7 could be said to share the top “unhackable” spot with BlackBerry Z30.

iPhone 5S, Samsung Galaxy S5, LG Nexus 5 and Amazon Fire Phone all fell to pwnage on the first day of the competition. Researchers used a two-bug combination to pwn the Apple iPhone 5S via the Safari browser and a three-bug combo to pwn the Amazon Fire Phone via the browser. Two different teams successfully targeted the Samsung Galaxy S5 via NFC, one by exploiting a logical error and the other triggering a deserialization issue. The Nexus 5 was also pwned when a researcher used a “two-bug exploit targeting NFC capabilities” that forced “BlueTooth pairing between phones – a plot point, as several observers noted, on the television show Person of Interest.”

HPSR will post details about the individual exploits after vendors patch the holes.