Hacking Competition Leaves Android and Windows Phone 7 Devices Undefeated
From the results of Pwn2Own hacking competition, it looks like Android and Windows Mobile are tough nuts to crack.
It only took two days for hackers to Apple and Blackberry operating systems during the three-day tournament last week Pwn2Own crack, while Android and Windows Mobile 7 has been abandoned and unhacked models by the end of the competition.
Is it because their OS is more secure? Yes and no.
“Do not explain the survival of a target Pwn2Own automatically safer than a goal that went down,” Last year, in Internet Explorer Pwn2Own winner Peter Vreugdenhil warns. Participants who were surrounded and beat up the Android WP7 units in the competition drew a variety of reasons.
Pwn2Own, now in its fifth year, a hacking competition is divided into two areas: Web browsers and mobile phones.
This year, Microsoft Internet Explorer 8, Apple Safari 5.0.3 was Mozilla Firefox and Google Chrome browser aims. In the category of phone, Dell was venue Pro (Windows Mobile 7) geared Apple iPhone 4 (IOS), Torch BlackBerry 9800 (BlackBerry 6) and Nexus S (Android). OS and browser versions were frozen last week (so as not to be used, for example, was Apple’s Safari 5.0.4 update), so that all participants are working on the same version of an operating system.
Pwning owned and occurs when the attacker pinned the frozen version. If they take advantage of the increasingly used in the current firmware is available, they are also eligible to receive a cash prize. Pwn2Own 2011 contest ran March 9 to 11.
Vreugdenhil says many factors determine the hacking of how difficult a goal. There is security in the software itself, use the mitigations that are already available for this software, and then amount of research already done (which can accelerate the process of writing an actual application).
Firefox and Chrome browsers also remained unbeaten since the participants withdrew from Pwn2Own.
“Chrome has the advantages of several techniques for the reduction, certainly harder to hack. As for Android, we see no particular reason will Android be harder to get cut as one of the other targets would be.”
means Safari, Chrome, iPhone, Android and Blackberry use any WebKit in your browser so that they are all vulnerable to exploitation by the browser – which is exactly like the iPhone and Blackberry were attacked.
Charlie Miller, a Pwn2Own veteran who worked with Dion Blazakis to hack the iPhone 4 in this year’s competition with an error in the Mobile Safari web browser, and a “specially crafted Web page.” A team of 3 (Vincenzo Iozzo, Willem Pinckaers and Ralf Philipp Weinmenn) defeated BlackBerry flare with a similar technique.
So what did the organizers think the choice of the outcome of 2011 is Pwn2Own?
Vreugdenhil and other organizers were not surprised that the iPhone went down quickly. It’s been a big goal and a lot of research has been done on this platform.
Android survival was somewhat of a surprise since there are also a great goal and had four candidates lined up.
Although no device unhackable several factors contribute to a safer product. For those who are out to find the most secure phone on the market, says Vreugdenhil you want features like DEP (Data Execution Prevention), ASLR (Address Space Layout Randomization), sandbox, code signing and the ease with which software can compare with being updated on the device.