Nowadays Big companies present hacking competitions for all the hackers where they will get paid instead of being put in jail. Recently, Google has reported a competition relating to hacking a Nexus 6P or Nexus 5X offering likely $200K to anyone who hacks it.
Recently, a hacking event called Pwn2Own the mobile edition sponsored by the Software security firm Trend Micro, where some White Hat hackers were invited to examine their intelligence against 2015’s Smartphones which contains the Nexus 6P, iPhone 6s, and the Galaxy S6.
People, those who are unknown, Pwn2Own is a computer hacking challenge which is held every year at the CanSecWest security conference, established in 2007. Here contestants are challenged to adventure extensively used Softwares and mobile devices with previously unknown susceptibility.
By applying multiple Android bugs, the Tencent Keen Security Lab Team who were up to the challenge managed to get a swindler app installed on the phone. Even though, Nexus 6P was outfitted with the newly monthly security patches, not with the fully unlocking device but accesses user’s data. The team earned $102,500 in total prize money and 29 points towards Master of Pwn, with three successful attacks in various “Sniper”, “Strength” and “Stealth” categories.
Another, the iPhone 6s with a rogue application targetted by Tencent Keen Security Lab Team. Nonetheless, it did not linger after rebooting. As per the result, it was considered as a partial achievement but it did earn them $60,000 for it but no Master of Pwn points.
Robert Miller and Georgi Geshev from MWR Labs then targeting the Google Nexus 6P with a rogue application installation. But they were not able to get the same results.
Lastly, Tencent Keen also managed to get a rogue app to target the iPhone 6s to leak photos successfully. They mixed a UAF(use-after-free) bug in the render and a memory corruption bug in the sandbox to steal a photo from the phone. This hack earned them $52,500 and 16 points towards Master of Pwn.
The Tencent Keen Team earned enough hacking and style points and the total prize money of $215,000 and 45 points towards the Master of Pwn. The susceptibility in the Nexus 6P or Android that allowed the attack will be confessed to the Google for patching, according to the MobilePwn2Own rules.
Source: Trend Micro