Samsung Galaxy S5,iPhone 5s and Nexus 5 Hacked at Pwn2Own Competition

In HP’s two day competition named Pwn2Own which took place in Tokyo,Japan. Smartphones such as iPhone 5s ,Samsung Galaxy s5 and Nexus 5 using top operating systems like Windows,iOS, and Android are all been hacked. In this two day competition some veteran security researchers around the globe participated.

On day one in the competition the iPhone 5s iOS was the system that has been hacked by the South Korean teams. They found some weakness in the Safari browser and used it to escape the sand box.
The flaw in iOS security was immediately disclosed to Apple, by the zero day initiative.

The first day in the competition is highly sucessful, with two big devices are hacked successfully.The next big device that fell victim to the group of hackers from Japan and South Africa is Samsung Galaxy s5.

The gateway that made the way for the security attack is ‘near-field communication (NFC)’ attack that trigger a deserialization issue in certain code specific to Samsung. Jon Butler of South Africa’s MWR InfoSecurity also managed to break the Galaxy S5 via NFC.

NFC was also utilized by UK-based researcher Adam Laurie from Aperture Labs to hack an LG Nexus 5.

“A two-bug exploit targeting NFC capabilities on the LG Nexus 5 (a Google-supported device) demonstrated a way to force BlueTooth pairing between phones – a plot point, as several observers noted, on the television show ‘Person of Interest’,” Shannon Sabens, a senior security content developer at HP, wrote in a blog post summarizing the first day of Mobile Pwn2Own.

Kyle Riley, Bernard Wagner, and Tyrone Erasmus of MWR InfoSecurity used a combination of three vulnerabilities to break the Web browser on the Amazon Fire Phone.

On the day two of the competition was not as successful when you compare it with the day one.On the second day  the participants in the competition are only able to attack android and windows devices partially. A participant name Nico Joly able to show some weakness in windows phone Nokia 1520 with an exploit aimed at the smartphone’s web browser, but was only able to exfiltrate the cookie database and could not break the sandbox to gain full access to the system.

A competitor name Jüri Aedla presented the weakness in another device name Nexus 5. He presented the bug in device through Wifi to android device. The event came to an end after that.

Source securityweek  

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

What Makes ICS/OT Infrastructure Vulnerable?

Infrastructure security for operational technologies (OT) and industrial control systems (ICS) varies from IT security in several ways, with the inverse confidentiality, integrity, and...

Everything You Must Know About IT/OT Convergence

What is an Operational Technology (OT)? Operational technology (OT) is a technology that primarily monitors and controls physical operations. It can automate and control machines,...

Understand the OT Security and Its Importance

This article discusses OT security and why it is essential for protecting industrial systems from cyberattacks. We will also discuss common control objectives that can...

What is Deepfake, and how does it Affect Cybersecurity?

Producing deepfake is easy. It is hard to detect. They operate with a description of reality rather than reality itself (e.g., a video). Any...