New mobile exploits demonstrated at Pwn2Own eventNovember 13, 2013 – 5:10 PM
At information security conference PacSec 2013 in Tokyo, two teams have accepted rewards for demonstrating exploits against cell phones in the Mobile Pwn2Own 2013 contest sponsored by HP.
Japanese squad Team MBSD, of Mitsui Bussan Secure Directions, Inc., collected $40,000 for installing malware and collecting personal data on the Android-powered Samsung Galaxy S4. The group lured a user to a malicious website, gained system-level privileges and installed applications that allowed the team to gather information, including SMS messages, contacts and browsing history.
Keen Team, a Chinese squad from Keen Cloud Tech, took $27,500 for demonstrating two exploits against Safari on the iPhone 5. The group captured Facebook credentials on iOS 7.0.3 by stealing a Facebook cookie via social engineering, and also stole a photo on iOS 6.1.4.