Feeds

Hacking contest offers $10,000 for iPhone exploit

Pwn2Own your smartphone

The Essential Guide to IT Transformation

An annual hacker competition planned for next month has setting its sights on Apple's iPhone and four other smart phones in a contest that will pay cash prizes of $10,000 to anyone who can break in to the mobile devices.

The contest will present contestants with phones running the Android, Symbian, and Windows Mobile operating systems as well a BlackBerry and an iPhone. To qualify for the $10,000 prize, hackers must submit exploits that work against email, SMS test, website browsing, and "other general actions a normal user would take while using the device," according to these rules published 3Com's TippingPoint unit, the competition's sponsor. All devices will be fully patched.

A second-track of the competition will challenge hackers to take their best shots at web browsers. Internet Explorer 8, Firefox, and Google Chrome will be running on a Sony Vaio running Windows 7, and Safari and Firefox will be installed on a MacBook running OS X. Successful exploits in this track will net $5,000 per bug.

This is the third year of the Pwn2Own contest, scheduled for March 18-20 at the CanSecWest security conference in Vancouver, British Columbia. Last year, a brand-new MacBook air was the first to fall during day two of the competition, which pitted the Mac against high-end laptops running Linux and Microsoft's vista. Charlie Miller of Independent Security Evaluators said at the time that he picked OS X because he thought it was the easiest.

The Windows laptop was the next to be hacked, leaving only the Ubuntu machine standing by contest's end.

Contest rules require winning contestants to keep details of their exploits confidential until after the vendor has fixed the underlying vulnerability. Sponsor TippingPoint runs the Zero Day Initiative, which pays bounties for vulnerabilities that are responsibly disclosed.

As has been the case in the past, day one of the competition will require exploits to work on a limited number of applications. On days two and three, the attack surface will be gradually be expanded. Physical access to the mobile devices will not be given.

Once again, The Register will be covering the contest in all its glory. ®

Build a business case: developing custom apps

More from The Register

next story
4K video on terrestrial TV? Not if the WRC shares frequencies to mobiles
Have your say with Ofcom now, before Freeview becomes Feeview
iPad? More like iFAD: We reveal why Apple fell into IBM's arms
But never fear fanbois, you're still lapping up iPhones, Macs
Sonos AXES support for Apple's iOS4 and 5
Want to use your iThing? You can't - it's too old
You didn't get the MeMO? Asus Pad 7 Android tab is ... not bad
Really, er, stands out among cheapie 7-inchers
Apple winks at parents: C'mon, get your kid a tweaked Macbook Pro
Cheapest models given new processors, more RAM
Leaked Windows Phone 8.1 Update specs tease details of Nokia's next mobes
New screen sizes, dual SIMs, voice over LTE, and more
Nintend-OH NO! Sorry, Mario – your profits are in another castle
Red-hatted mascot, red-colored logo, red-stained finance books
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.