TENCENT KEEN SECURITY LAB TEAM HACKERS WIN $215,000 FOR INFECTING A FULLY UPDATED AND PATCHED NEXUS 6P.



Challenging White Hat Hackers through competitions and bounties
for identifying potentially harmful security flaws in latest or upcoming
devices is currently the hot trend in the digital world.

It is rather interesting to let security teams
work hard and try to identify flaws in a given hardware or software under close
scrutiny. One of the most popular of such competitions is Pwn2Own in which
White Hat hackers are invited to defeat the software or hardware, which has
been declared as near perfect by the manufacturer.


In the recent
mobile-only Pwn2Own competition, sponsored by Trend Micro,
cash prizes were offered to hackers who could infiltrate the device, access or
modify user info, infect the device with fake and harmful apps or unlock mobile
phones from the most high-profile manufacturers. The phones that the hackers
had to hack included the Nexus 6P, iPhone 6S and Samsung Galaxy S6.

Tencent Keen Security Lab’s team from
China accepted the challenge and utilized various Android bugs to infect the
Nexus 6P with a rogue app. The team also identified that the bugs that were
used were already present in a new Nexus 6P phone despite its OS being updated
with most recent security patches. By installing a rogue app on the phone, the
team was able to access user data. However, they could not unlock the device.


Another achievement of Tencent Keen’s
team was to get a malicious app to remain on the iPhone 6S system even after
the device was rebooted. This was termed as a partial success. However,
the team could not successfully invade the Galaxy S7 phone.

Due to their accomplishment of
successfully carrying out three attacks in Sniper, Strength and Stealth
categories, the team received an award of $102,500. Remember, Tencent Keen
team is the same team who demonstrated how to take control of Tesla’s brakes from 12 miles
away last month.


With
multiple successful exploits, Tencent Keen Security Lab Team claimed the title
of Master of Pwn with 45 points and $215,000 total awarded.
Another team tried to hack the phone using a mobile Chrome
vulnerability, which was patched subsequently, but their attempts remained
unsuccessful.
As per the rules of Mobile Pwn2Own, Google will be informed and
alerted about the identified weaknesses in Nexus 6P and the Android system so
that patches could be released


via Blogger http://ift.tt/2fm4KPE

Advertisements