
This is not a drill: Hackers pop stock Nexus 6P in five minutes

Keen hackers at Mobile Pwn2Own


The Nexus 6P appears to have been hacked, with attackers at the Mobile Pwn2Own contest installing malware without user interaction in less than five minutes.

The hack by China's Keen Team happened minutes ago at the Tokyo event and does not require users to do anything. As of the time of writing it has yet to be confirmed, but contest organisers tell El Reg they are confident of its legitimacy.

Mobile Pwn2Own at the PacSec security conference in Japan pits hackers against the latest phones for a share of US$375,000 (£308,000, A$487,000) handed out by Trend Micro's Zero Day Initiative.

The Nexus 6P, Apple iPhone 6S, and Samsung Galaxy S7 will be targeted by hackers who have over previous months developed tailored and often highly sophisticated chained exploits against the devices. We're told the targets will be running the latest, fully patched version of the operating system available on the selected device – Apple iOS or Google Android, basically.

Hackers of noted exploit crew Keen Team stand to win US$100,000 (£82,000, A$130,000) in prizes should the 6P hack be confirmed.

MWR Labs hackers Robert Miller and Georgi Geshev will within the next few hours also target the Nexus 6P in a bid to install a malicious application, and will score the US$100,000 prize even if Keen's exploit is confirmed.

Keen will also target the iPhone 6S, attempting to install another rogue application on the stock and updated device for a prize of US$125,000 (£103,000, A$162,000).

The team will then return in a bid to rip photos from a locked iPhone 6S. If successful, the crew will bag US$50,000 (£41,000, A$65,000). Under the contest rules, each team has three attempts of five minutes each, for a total of 15 minutes, to pop devices.

Keen hacked the Nexus 6P on its first attempt and used the remaining slots to add flair and style to the exploits in a bid to claim the Master of Pwn award worth US$25,000 (£21,000, A$32,000).

Hacks can require users to browse to malicious content within the default browser, or to view or receive a malicious MMS/SMS message. ®
