Day 2 of Pwn2Own is the day smart phones take their revenge for the defeat of their full size computer brothers. Violating the security on a smart phone is a very different concept when it comes to computers. Smart phone operating systems (with the exception Android) are not public information. Any possible security flaws are not documented well enough to find easily, turning weeks of work into possibly months.

This trouble meant nothing to Charlie Miller, the 3 time veteran of pwning all that is Apple for 4 years now. He and Dion Blazakis worked the same method used on Safari 5 for the iPhone 4. The person simply navigated to a well-crafted malicious website that allowed Mr. Miller to run exploit code – game over.

The next phone to go down was the Blackberry Torch 9800 who lost its battle to the team of Vincenzo Iozzo, Willem Pinckaers, and Ralf Philipp Weinmann. Their attack was on the WebKit based browser used by Blackberry. The same WebKit system is used by both Chrome and Safari web browsers in their various incarnations. Once again we got a visit to a malicious website and down goes the Torch 9800.

Windows Phone 7 was also on the chopping block, but the person who signed up to test the system did not show up to the event. In addition to this, Sam Thomas withdrew his planned assault on Android via its Firefox browser because his exploit wasn’t stable yet.

Unlike the full web browsers, the smartphone’s OSs were not allowed to provide new patches within a week of the competition. Someone should really make these rules uniform to ensure last day updates don’t interfere with the sport of the event. While Chrome, Windows Phone 7, and Android are currently undefeated, there is still one more day for Pwn2Own. We will see if their streak of no-contest wins will continue.

Source: Ars Technica

Share This With The World!