From the results of the Pwn2Own hacking competition, it looks similar to Android and Windows Phone 7 are difficult nuts to crack.
It took usually two days for hackers to fissure in to the Apple and Blackberry working systems during the three-day Pwn2Own contest final week, whilst Android and Windows Phone 7 models were deserted and left unhacked by the finish of the contest.
Is this since their working systems are more secure? Yes and no.
"The presence of a aim at Pwn2Own does not automatically assert it safer than a aim that went down," final year's Internet Explorer Pwn2Own leader Peter Vreugdenhil cautions. The contestants who were lined up to beat the Android and WP7 gadgets in the competition withdrew for a accumulation of reasons.
Pwn2Own , right away in its fifth year, is a hacking competition widely separated in to two areas: web browsers and mobile phones.
This year, Microsoft Internet Explorer 8, Apple Safari 5.0.3, Mozilla Firefox, and Google Chrome were the web-browser targets. In the mobile phone category, the Dell Venue Pro (Windows Phone 7), Apple iPhone 4 (iOS), BlackBerry Torch 9800 (Blackberry 6) and Nexus S (Android) were targeted.The OS and browser versions were refrigerated final week (so for example, Apple's Safari 5.0.4 refurbish was not used), ensuring that all contestants are working on the same chronicle of any OS.
Pwning and owning occurs if the hacker defeats the refrigerated version. If the take advantage of they used still exists in the stream firmware, they are moreover authorised to receive a financial prize. The 2011 Pwn2Own competition ran Mar 9 to 11.
Vreugdenhil says many not similar factors establish how hard a aim is to hack. There's the safety of the program itself, the take advantage of mitigations that are already in place for that software, and then the amount of investigate that has already been conducted (which can speed up the routine of essay an real exploit).
Firefox and Chrome web browsers were moreover left undefeated since contestants withdrew from Pwn2Own.
"Chrome has the advantages of having multi-part exploit-mitigation techniques that of course make it more difficult to hack. As for Android, you see no specific reason why Android would be harder to penetrate than a of the other targets."
Safari, Chrome, iPhone, Android and Blackberry all use WebKit in their browsers, that means that they are all receptive to exploitation by the browser - and that's precisely how the iPhone and Blackberry were attacked.
Charlie Miller, a Pwn2Own veteran, worked with Dion Blazakis to penetrate the iPhone 4 in this year's competition using a smirch in its Mobile Safari Web browser and a "specially-crafted webpage." A group of 3 (Vincenzo Iozzo, Willem Pinckaers, and Ralf Philipp Weinmenn) degraded the BlackBerry Torch using a similar technique.
So what did the contest's organizers regard of the result of 2011's Pwn2Own?
Vreugdenhil and other organizers were not astounded that the iPhone went down quickly. It has been a leading aim and a lot of investigate has already been completed on that platform.
Android's presence was a bit of a surprise, since it is moreover a large aim and had 4 contestants lined up.
Although no device is unhackable, a few factors minister to a safer product. For the that are out to find the safest phone on the market, Vreugdenhil says you'll wish to compare features such as DEP (Data Execution Prevention), ASLR (address space plan randomization), Sandboxing , ethics signing and the ease with that program may be
Pwn2Own Day 2 [Ars Technica]
No comments:
Post a Comment