Smartphones Withstood Attacks At Hacker Contest - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Mobile
Commentary
3/23/2009
12:08 PM
Ed Hansberry
Ed Hansberry
Commentary
50%
50%

Smartphones Withstood Attacks At Hacker Contest

There was a three-day Pwn2Own contest in Vancouver where, according to this CNN Money article, contestants were offered $10,000 and some free cell phones if they could hack one of the mobile platforms at the contest. All five platforms withstood the assault.

There was a three-day Pwn2Own contest in Vancouver where, according to this CNN Money article, contestants were offered $10,000 and some free cell phones if they could hack one of the mobile platforms at the contest. All five platforms withstood the assault.The five platforms were the Apple iPhone, Google's Android, Microsoft's Windows Mobile, RIM's BlackBerry, and Nokia's Symbian OS. The mobile platform makers shouldn't rest on their laurels, though. There was a security firm that presented at the conference and it "demonstrated how to crack into the iPhone, Google Android and Windows Mobile devices using something called a simulated stack overflow vulnerability." They may be difficult to hack, but not impossible. Nothing with a computer chip is invulnerable.

Hacks for desktop platforms, most notably Windows, aren't likely to work on smartphones, even Windows Mobile. First of all, the operating systems like that in the iPhone and WinMo are different enough from their OS X and Windows desktop counterparts, respectively, that apps written for the desktops won't work on the mobile phone, and that means neither will malware. Second, even if there are some shared APIs, mobile phones don't use Intel x86 instructions. As it so happens, all five platforms use chips based on the ARM architecture. Apps would have to be recompiled to even have a prayer of a chance of working. The same applies to Android, which is based on Linux. Third, platforms like the BlackBerry and Symbian don't have desktop counterparts, so anything aimed at them would likely have to be written from the ground up.

Mobile phones do tend to be online as much or more than desktops, but unlike desktops, they aren't as willing, or even able, to join local networks or share files, which helps mitigate their vulnerability to attacks. Even though I know the IP address of my phone, I am unable to ping it from my PC, and a tracert dies after just 3 hops, getting nowhere close to the network that my phone is on.

All of this is to say, your phone is relatively secure, probably more so than your desktop. I don't run any security software on my phone. Their battery life isn't great and processing power and RAM always seem to be just short of where you'd like them to be. Having something as big as an antivirus or security app would only slow the device further and shorten the battery life.

Where you do have to be careful is from social engineering hacks. If I write a malicious app for your phone and can trick you into installing or running it, then I own your device and your data. One of the benefits to these application stores being opened by the various platform makers is that while there is no guarantee the app is any good, there should be no risk of malicious software infecting your phone.

I am sure hacking contests will continue and there will be some that will expend a lot of personal time into hacking cell phones. For now, just be alert and don't install or launch anything unless you know exactly what it does.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
Data Science: How the Pandemic Has Affected 10 Popular Jobs
Cynthia Harvey, Freelance Journalist, InformationWeek,  9/9/2020
Commentary
The Growing Security Priority for DevOps and Cloud Migration
Joao-Pierre S. Ruth, Senior Writer,  9/3/2020
Commentary
Dark Side of AI: How to Make Artificial Intelligence Trustworthy
Guest Commentary, Guest Commentary,  9/15/2020
White Papers
Register for InformationWeek Newsletters
2020 State of DevOps Report
2020 State of DevOps Report
Download this report today to learn more about the key tools and technologies being utilized, and how organizations deal with the cultural and process changes that DevOps brings. The report also examines the barriers organizations face, as well as the rewards from DevOps including faster application delivery, higher quality products, and quicker recovery from errors in production.
Video
Current Issue
IT Automation Transforms Network Management
In this special report we will examine the layers of automation and orchestration in IT operations, and how they can provide high availability and greater scale for modern applications and business demands.
Slideshows
Flash Poll