Hack An iPhone, Win $10,000 - InformationWeek
IoT
IoT
Mobile // Mobile Devices
News
2/26/2009
06:06 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Hack An iPhone, Win $10,000

In TippingPoint's DVLabs contest, hackers also have the option of trying to execute a successful exploit against a Web browser.

Hackers, start planning your exploits.

TippingPoint's DVLabs on Thursday announced the rules for its third annual Pwn2Own contest, to be held at the CanSecWest Security Conference, which runs from March 16 through 20 in Vancouver, British Columbia. The focus this year is on two technologies: Web browsers and mobile devices.

The first hacker to crack a mobile device -- an Android, BlackBerry, iPhone, Symbian, or Windows Mobile phone -- without accessing it physically will win $10,000 and will get to keep the device, with a paid one-year contract. Subsequent successful mobile device hacks also pay $10,000 but do not include a device or contract.

Hackers also have the option of trying to execute a successful exploit against a Web browser. Potential targets include Chrome, Firefox, and IE8 on a Sony Vaio running Windows 7 or Firefox and Safari installed on a MacBook running Mac OS X. Opera is not included, however, an omission criticized in several blog comments. Browser bugs are worth $5,000 a piece.

Research published by Kaspersky Lab in 2006 suggests that information about a Windows bug sold for $4,000 in Russia.

"Winning entries against the browsers include exploits which require no user interaction outside of a single click on a malicious link," explains Terri Forslof, TippingPoint's manager of security response, in a blog post. "Winning scenarios against the mobile devices include attacks that can be exploited via e-mail, SMS text, Web site browsing, and other general actions a normal user would take while using the device."

Contest participants can try to attack both mobile devices and Web browsers, but cannot win both prizes using only a single exploit.

Last year at CanSecWest, a team of researchers from Independent Security Evaluators hacked a MacBook Air in two minutes using a previously unknown vulnerability in Apple's Safari 3.1 Web browser. They took the MacBook Air home as the prize, along with $10,000 in cash.

TippingPoint's goal is to use the prize money to purchase whatever zero-day exploits are revealed and to disclose them to the affected companies in a responsible manner.


InformationWeek has surveyed more than 300 IT managers to find the best ways to secure a mobile enterprise. Download the report here (registration required).

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll