Google can leave the Pwn2Own hacking contest with their heads held high. Chrome, and the software stack for Android survived hack attacks from the most skilled talent in the world, while Internet Explorer 8 and Safari fell badly in the browser category. Apple's iPhone 4 and RIM's Blackberry Torch 9800 were defeated in the smartphone sector.
As KitGuru covered yesterday, Pwn2Own is a hacking contest held annually at the CanSecWest security conference. During this event security experts and hackers attempt to break into devices through the software.
Apple and Google updated their browsers last minute for the competition and as Kitguru released yesterday, Safari was the first browser to falter, followed by Microsoft's Internet Explorer. Strangely Microsoft didn't offer any last minute security updates. It took only 5 seconds to take control of Safari after french group VUPEN pointed the browser to its specially designed web page. This exploit worked on version 5.0.4.
Internet Explorer 8 was next to fall, the 32 bit version was running Service Pack 1 and was exploited through three separate vulnerabilities, two of which escaped the protected mode sandbox.
Google's Chrome browser was not successfully compromised on a CR-48 Chrome OS notebook. Android phones also proved to be tough to break and withstood the hackers attempts. Windows Phone 7 also proved strong, while Apples' iPhone 4 and Rim's Blackberry Torch 9800 fell over to the hackers.
Charlie Miller, known as ‘Mr Four-peat' took down the iPhone with his colleague from Baltimore based consulting firm Independent Security Evaluators, Dion Blazakis. Miller is a four time champion from 2008 to 2011.
KitGuru says: Pwn2Own winners are forbidden in discussing the vulnerabilities and the contest also forbids them in releasing the attack code via public channels.
It just shows how good Google code really is on everything they do
What about Firefox? Why is the second largest browser after IE absent from news reports about Pwn2own?
Android, while it may be hard to hack is trivial to write malware for through apps, as has been recently in the news. Even a battery level widget asking for permissions for everything from net access to phone information and location, and people are so used to giving such permissions that malware has a really easy time. So while technically Android may have good security, at the user engineering level it suffers in this respect.
What about Firefox? Why is the second largest browser after IE absent from news reports about Pwn2own?
Android, while it may be hard to hack is trivial to write malware for through apps, as has been recently in the news. Even a battery level widget asking for permissions for everything from net access to phone information and location, and people are so used to giving such permissions that malware has a really easy time. So while technically Android may have good security, at the user engineering level it suffers in this respect.