Samsung Galaxy S5,iPhone 5s and Nexus 5 Hacked at Pwn2Own Competition

In HP’s two day competition named Pwn2Own which took place in Tokyo,Japan. Smartphones such as iPhone 5s ,Samsung Galaxy s5 and Nexus 5 using top operating systems like Windows,iOS, and Android are all been hacked. In this two day competition some veteran security researchers around the globe participated.

On day one in the competition the iPhone 5s iOS was the system that has been hacked by the South Korean teams. They found some weakness in the Safari browser and used it to escape the sand box.
The flaw in iOS security was immediately disclosed to Apple, by the zero day initiative.

The first day in the competition is highly sucessful, with two big devices are hacked successfully.The next big device that fell victim to the group of hackers from Japan and South Africa is Samsung Galaxy s5.

The gateway that made the way for the security attack is ‘near-field communication (NFC)’ attack that trigger a deserialization issue in certain code specific to Samsung. Jon Butler of South Africa’s MWR InfoSecurity also managed to break the Galaxy S5 via NFC.

NFC was also utilized by UK-based researcher Adam Laurie from Aperture Labs to hack an LG Nexus 5.

“A two-bug exploit targeting NFC capabilities on the LG Nexus 5 (a Google-supported device) demonstrated a way to force BlueTooth pairing between phones – a plot point, as several observers noted, on the television show ‘Person of Interest’,” Shannon Sabens, a senior security content developer at HP, wrote in a blog post summarizing the first day of Mobile Pwn2Own.

Kyle Riley, Bernard Wagner, and Tyrone Erasmus of MWR InfoSecurity used a combination of three vulnerabilities to break the Web browser on the Amazon Fire Phone.

On the day two of the competition was not as successful when you compare it with the day one.On the second day  the participants in the competition are only able to attack android and windows devices partially. A participant name Nico Joly able to show some weakness in windows phone Nokia 1520 with an exploit aimed at the smartphone’s web browser, but was only able to exfiltrate the cookie database and could not break the sandbox to gain full access to the system.

A competitor name Jüri Aedla presented the weakness in another device name Nexus 5. He presented the bug in device through Wifi to android device. The event came to an end after that.

Source securityweek  

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

How to Exploit Heartbleed using Metasploit in Kali Linux

Heartbleed vulnerability (registered as CVE-2014-0160) is a security bug present in the older version of OpenSSL cryptographic library. OpenSSL is a cryptographic toolkit used...

How to Install Parrot Security OS on VirtualBox in 2020

Parrot Security OS is a free GNU/LINUX distribution, released on 10th April 2013. It is a mixture of Kali Linux and Frozenbox OS, aims to...

How to Install Kali Linux on VirtualBox [Windows Host] in 2020

Kali Linux is a Debian based Linux distribution, released on the 13th March 2013 as a complete rebuild of BackTrack Linux. It is one of...

Acunetix v13 Release Introduces Groundbreaking Innovations

The newest release of the Acunetix Web Vulnerability Scanner further improves performance and premieres best-of-breed technologies London, United Kingdom – February 5, 2019 – Acunetix,...