Feeds

Hacking contest offers $10,000 for iPhone exploit

Pwn2Own your smartphone

Business security measures using SSL

An annual hacker competition planned for next month has setting its sights on Apple's iPhone and four other smart phones in a contest that will pay cash prizes of $10,000 to anyone who can break in to the mobile devices.

The contest will present contestants with phones running the Android, Symbian, and Windows Mobile operating systems as well a BlackBerry and an iPhone. To qualify for the $10,000 prize, hackers must submit exploits that work against email, SMS test, website browsing, and "other general actions a normal user would take while using the device," according to these rules published 3Com's TippingPoint unit, the competition's sponsor. All devices will be fully patched.

A second-track of the competition will challenge hackers to take their best shots at web browsers. Internet Explorer 8, Firefox, and Google Chrome will be running on a Sony Vaio running Windows 7, and Safari and Firefox will be installed on a MacBook running OS X. Successful exploits in this track will net $5,000 per bug.

This is the third year of the Pwn2Own contest, scheduled for March 18-20 at the CanSecWest security conference in Vancouver, British Columbia. Last year, a brand-new MacBook air was the first to fall during day two of the competition, which pitted the Mac against high-end laptops running Linux and Microsoft's vista. Charlie Miller of Independent Security Evaluators said at the time that he picked OS X because he thought it was the easiest.

The Windows laptop was the next to be hacked, leaving only the Ubuntu machine standing by contest's end.

Contest rules require winning contestants to keep details of their exploits confidential until after the vendor has fixed the underlying vulnerability. Sponsor TippingPoint runs the Zero Day Initiative, which pays bounties for vulnerabilities that are responsibly disclosed.

As has been the case in the past, day one of the competition will require exploits to work on a limited number of applications. On days two and three, the attack surface will be gradually be expanded. Physical access to the mobile devices will not be given.

Once again, The Register will be covering the contest in all its glory. ®

New hybrid storage solutions

More from The Register

next story
Half a BILLION in the making: Bungie's Destiny reviewed
It feels very familiar - but it's still good
Apple's big bang: iPhone 6, ANOTHER iPhone 6 Plus and WATCH OUT
Let's >sigh< see what Cupertino has been up to for the past year
Huawei ditches new Windows Phone mobe plans, blames poor sales
Giganto mobe firm slams door shut on Microsoft. OH DEAR
A SCORCHIO fatboy SSD: Samsung SSD850 PRO 3D V-NAND
4Gb/s speeds on a consumer drive, anyone?
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Get your Indian Landfill Android One handsets - they're only SIXTY QUID
Cheap and deafening mobes for the subcontinental masses
Apple's SNEAKY plan: COPY ANDROID. Hello iPhone 6, Watch
Sizes, prices and all – but not for the wrist-o-puter
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.