Up north in Vancouver, the well known computer security conference CanSecWest got off to an impressive start with its famous Pwn2Own competition. The goal each year is to take down various different platforms to highlight their security holes. And this year showed that no matter what you run, you probably are not safe.
For example, German hacker “Nils” managed to take down a Windows 7 PC which was running Firefox. Using a previously unknown hole, he took total control over the PC. Before this, Charlie Miller managed to take down a Mac OS X machine running on Safari, and Dutchman Peter Vreugdenhil took down another Windows 7 PC using Internet Explorer 8.
Most disturbing, however, was probably the attack against iPhone users. Two Europeans by the names of Vincenzo Iozzo and Ralf Phillipp Weinmann managed to lead an iPhone to a webpage where in 20 seconds the entire SMS database, including previously deleted messages, was stolen. All of the bugs were reported to the software’s creators by Pwn2Own and won’t be released until they are fixed.
According to the organizer of the Pwn2Own hacking challenge, Apple’s Safari will be the first browser to fall to hacking. However, a researcher who won at Pwn2Own the previous two years is not so sure. Aaron Portnoy, the organizer of the contest, said that Safari is on Snow Leopard, which “isn’t on the same level as Windows 7.” But researcher Charlie Miller says Safari is not significantly easier to hack than other browsers.
The Pwn2Own contest has made headlines for hacking Mac OS X, Safari, Microsoft Windows, and Internet Explorer. There are cash prizes and laptops for those who successfully hack the browsers and operating systems. Last year, Safari, Internet Explorer, and Firefox all fell to attack. Google Chrome did not.
There won’t only be operating systems to hack—there is a mobile component to the competition as well. Competitors will have the opportunity to hack an iPhone 3G S, a Blackberry Bold 9700, a Nokia smartphone, and a Motorola that will most likely be running Android. Portnoy said he expects the iPhone to be the easiest to attack. Miller said he does not expect any of the phones to be successfully hacked because there is not common knowledge about attacking phones.
Pwn2Own will be from March 24 to March 26 in Vancouver, British Columbia. The vulnerabilities and bugs discovered are used to help computer security.
Via Computerworld, image via Apple.