Feeds

Hacking contest offers $10,000 for iPhone exploit

Pwn2Own your smartphone

Application security programs and practises

An annual hacker competition planned for next month has setting its sights on Apple's iPhone and four other smart phones in a contest that will pay cash prizes of $10,000 to anyone who can break in to the mobile devices.

The contest will present contestants with phones running the Android, Symbian, and Windows Mobile operating systems as well a BlackBerry and an iPhone. To qualify for the $10,000 prize, hackers must submit exploits that work against email, SMS test, website browsing, and "other general actions a normal user would take while using the device," according to these rules published 3Com's TippingPoint unit, the competition's sponsor. All devices will be fully patched.

A second-track of the competition will challenge hackers to take their best shots at web browsers. Internet Explorer 8, Firefox, and Google Chrome will be running on a Sony Vaio running Windows 7, and Safari and Firefox will be installed on a MacBook running OS X. Successful exploits in this track will net $5,000 per bug.

This is the third year of the Pwn2Own contest, scheduled for March 18-20 at the CanSecWest security conference in Vancouver, British Columbia. Last year, a brand-new MacBook air was the first to fall during day two of the competition, which pitted the Mac against high-end laptops running Linux and Microsoft's vista. Charlie Miller of Independent Security Evaluators said at the time that he picked OS X because he thought it was the easiest.

The Windows laptop was the next to be hacked, leaving only the Ubuntu machine standing by contest's end.

Contest rules require winning contestants to keep details of their exploits confidential until after the vendor has fixed the underlying vulnerability. Sponsor TippingPoint runs the Zero Day Initiative, which pays bounties for vulnerabilities that are responsibly disclosed.

As has been the case in the past, day one of the competition will require exploits to work on a limited number of applications. On days two and three, the attack surface will be gradually be expanded. Physical access to the mobile devices will not be given.

Once again, The Register will be covering the contest in all its glory. ®

The Power of One Infographic

More from The Register

next story
iPad? More like iFAD: We reveal why Apple fell into IBM's arms
But never fear fanbois, you're still lapping up iPhones, Macs
You didn't get the MeMO? Asus Pad 7 Android tab is ... not bad
Really, er, stands out among cheapie 7-inchers
Sonos AXES support for Apple's iOS4 and 5
Want to use your iThing? You can't - it's too old
BEST BATTERY EVER: All lithium, all the time, plus a dash of carbon nano-stuff
We have found the Holy Grail (of batteries) - boffins
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
Microsoft confirms secret Surface will never see the light of day
Microsoft's form 8-K records decision 'not to ship a new form factor'
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.