Hacking contest offers $10,000 for iPhone exploit
Pwn2Own your smartphone
An annual hacker competition planned for next month has setting its sights on Apple's iPhone and four other smart phones in a contest that will pay cash prizes of $10,000 to anyone who can break in to the mobile devices.
The contest will present contestants with phones running the Android, Symbian, and Windows Mobile operating systems as well a BlackBerry and an iPhone. To qualify for the $10,000 prize, hackers must submit exploits that work against email, SMS test, website browsing, and "other general actions a normal user would take while using the device," according to these rules published 3Com's TippingPoint unit, the competition's sponsor. All devices will be fully patched.
A second-track of the competition will challenge hackers to take their best shots at web browsers. Internet Explorer 8, Firefox, and Google Chrome will be running on a Sony Vaio running Windows 7, and Safari and Firefox will be installed on a MacBook running OS X. Successful exploits in this track will net $5,000 per bug.
This is the third year of the Pwn2Own contest, scheduled for March 18-20 at the CanSecWest security conference in Vancouver, British Columbia. Last year, a brand-new MacBook air was the first to fall during day two of the competition, which pitted the Mac against high-end laptops running Linux and Microsoft's vista. Charlie Miller of Independent Security Evaluators said at the time that he picked OS X because he thought it was the easiest.
The Windows laptop was the next to be hacked, leaving only the Ubuntu machine standing by contest's end.
Contest rules require winning contestants to keep details of their exploits confidential until after the vendor has fixed the underlying vulnerability. Sponsor TippingPoint runs the Zero Day Initiative, which pays bounties for vulnerabilities that are responsibly disclosed.
As has been the case in the past, day one of the competition will require exploits to work on a limited number of applications. On days two and three, the attack surface will be gradually be expanded. Physical access to the mobile devices will not be given.
Once again, The Register will be covering the contest in all its glory. ®
COMMENTS
@AC
Gonna be tricky to jailbreak an iPhone without physical access to it... but why should facts get in the way of your 'witty' comment eh?
smart hackers stay away anyway
There are 2 types of hackers, the good ones and the wannabe's.
Good hackers are those who are not bragging and surely not giving away their secrets.
Its those who can get in, pwn the system as if it was their own, leave without a trace, and most importantly, are not bragging or telling anyone about it.
They are most valuable int his contest but wont show up.
And rest assured that they are the ones with the best chances at winning if they wanted to.
Paris because she too will stay away from this contest
wot no linux?
I take it they learned their lesson from last year and neatly avoided the operating system that cannot be hacked. Cowards.
Let me be the first to guess how it will be done!
They jailbreak the iPhone and load up a compiled version of flash from an old code base. Or better yet, try and get excel compiled and running on the device or load up lots of network daemon services after installing a shell interface!
Nah... who am I kidding, they'll probably just send it an SMS or lick the glass screen or something rather simple.
