Feeds

iPhone and BlackBerry brought down in hacker competition

Attack of the killer drive-bys

Using blade systems to cut costs and sharpen efficiencies

Smartphones from Apple and Research in Motion were the latest devices to take a beating at an annual hacker contest that has come to expose the inherent weaknesses of internet communication.

Apple's iPhone 4 was brought down by a drive-by attack that exploited a heap overflow in code related to the handset's Safari browser. It was the fourth year in a row that Charlie Miller, a principal security analyst at Independent Security Evaluators, landed a big prize in the Pwn2Own competition. In past years, he successfully commandeered fully patched Mac laptops after using fuzzing software to identify bugs in Apple's Safari browser. Using the same technique, it took him less than a week to discover a flaw in the iPhone software.

“It's a lot different,” he said, referring to the difference of fuzzing an iPhone simulator and software for the Mac. “There's not as much code to exploit, and exploiting it is harder because you can't just get shell code because the way it's designed it's really hard to just put your code in there and run it.”

Miller's exploit succeeded 24 hours after Apple released an iPhone update that blocks his exploit for working properly. That's because iOS 4.3 adds a vulnerability mitigation feature known as ASLR, or address space layout randomization, that makes it hard to predict where code libraries and malicious payloads will be in a device's memory.

“If you update your iPhone, my exploit won't work, and it would take a lot of work to make it work,” said Miller, who collaborated on the exploit with fellow Independent Security Evaluators researcher Dion Blazakis.

Under contest rules, software versions were locked two weeks ago, allowing Miller to walk away with $15,000 in prize money and the iPhone that he compromised.

Also compromised on Day Two of Pwn2Own was a BlackBerry Torch 9800 running BlackBerry 6 OS. Willem Pinckaers, a researcher with security firm Matasano, and independent researcher Vincenzo Iozzo were able to steal a complete contact list and and cache of pictures stored on the device and write a file to its storage system. They did it by concocting a booby-trapped website that chained together a series of vulnerabilities, including an integer overflow flaw in the phone's Webkit-based browser.

The researchers compared their task of finding and exploiting a Blackberry flaw to finding their way through a labyrinth in the pitch dark because there is virtually no material documenting the internal workings of the Research in Motion handset.

“You can see how the browser works, but if it crashes you don't know anything,” Pinckaers said. “It's a system that no one knows anything about. Basically, it crashes or it doesn't crash, or it takes a very long time to respond. Those are the three options. So you have to (move) very slowly, one step at a time.”

Unlike the iPhone and Microsoft's Windows 7 Mobile, the BlackBerry doesn't come with ASLR or another protection known as data execution prevention and offers only a rudimentary security sandbox to isolate apps from more sensitive parts of the OS, the researchers said.

They had help from researcher Ralf Philipp Weinmann.

Also up for grabs on Day Two were a Dell Venue Pro running Windows 7 Mobile and a Nexus S running Google's Android OS. A researcher who signed up to attack the Dell handset using an exploit in the baseband processor used to connect to carrier networks withdrew at the last minute and may try again on Friday, during the final day of the competition. No one has stepped forward to attack the Android phone. No one attempted to compromise Mozilla's Firefox browser, which was also up for grabs on Thursday.

During Day One of Pwn2Own on Wednesday, the Safari and Internet Explorer browsers toppled under the weight of vulnerabilities that gave attackers full control of the underlying machines. No one attempted to hack Google's Chrome browser.

Now in its fifth year, Pwn2Own is sponsored by HP's TippingPoint division, which uses the exploits to develop signatures for intrusion prevention devices. It's being held at the CanSecWest security conference in Vancouver. ®

The smart choice: opportunity from uncertainty

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Unmasking hidden users is too hot for Carnegie-Mellon
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
prev story

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.