
The Results are In: Mobile Pwn2Own 2016

  • Posted on: October 26, 2016
  • Posted in: Mobile Security, Security, Zero Day Initiative
  • Posted by: Dustin Childs (Zero Day Initiative Communications)

The 2016 edition of Mobile Pwn2Own has wrapped, and the contestants demonstrated some unique attacks against the iPhone 6S and Nexus 6P. By the end of the day, researchers showed how phones – even while running the latest software and patches – could have a rogue application installed and pictures or data stolen. With multiple successful exploits, Tencent Keen Security Lab Team claimed the title of Master of Pwn with 45 points and $215,000 total awarded.

The competition started with Tencent Keen Security Lab Team targeting a Google Nexus 6P. Their attempt to install a rogue application succeeded, earning them $100,000. They combined two different bugs in Android, then leveraged other weaknesses within the OS on their first and subsequent attempts. By acing all three attempts, they earned the sniper, strength, and stealth style point bonuses. In the end, they tallied up $102,500 USD and 29 points towards Master of Pwn.

Next, Tencent Keen Security Lab Team targeted the iPhone 6S with a rogue application. The app did install, but it didn’t persist after a reboot of the phone. As such, this only counts as a partial success. Still, they used some interesting bugs that should be fixed. These bugs earned them a $60,000 USD award but no Master of Pwn points.

Robert Miller and Georgi Geshev from MWR Labs then took their turn targeting the Google Nexus 6P with a rogue application installation. Sadly, it seems a recent Chrome patch made their exploit too unstable. They were not able to install a rogue application on the phone within the allotted time. They still showed some innovative research that was purchased through normal ZDI channels.

The final entry saw Tencent Keen Security Lab Team target the iPhone 6S to leak photos. They combined a use-after-free (UAF) bug in the renderer and a memory corruption bug in the sandbox to steal a photo from the phone. This earned the team another $52,500 USD and, thanks to style points for sniper and stealth, another 16 points towards Master of Pwn. We disclosed the bugs involved to Apple through our standard disclosure process via email.

With two successful attempts and one partial success, Tencent Keen Security Lab Team was awarded the title of Master of Pwn with total winnings of $215,000 and 45 points. Congratulations on some great research.

This contest revealed some fantastic research in the realm of mobile security. The market for software vulnerabilities continues to evolve and mature – especially in the mobile space. Bugs are becoming more valuable, and researchers have a variety of options on what to do with the flaws they discover in popular phones. As entertaining as the Mobile Pwn2Own competition may be, it exposes the seriousness of understanding the current threats and weaknesses. This year’s competition succeeds in that regard. While not every entry was declared a full winner, all of them used flaws in phones that should be addressed by the vendor.

Thanks again to the research teams that participated in this year’s contest. It was great seeing everyone who attended, and we look forward to seeing everyone again in 2017!
