Pwn2Own goes mobile: $200,000 prizes for iOS, Android, BlackBerry zero-day attack

Summary: Conference organizers at EuSecWest are dangling cash prizes for any hacker who can demo a successful zero-day attack on mobile web browsers, Near Field Communication (NFC), Short Message Service (SMS) and the cellular baseband.

(This was the scene at the very first iPhone hack at the CanSecWest Pwn2Own contest in 2010, when Vincenzo Iozzo teamed up with Ralf-Philipp Weinmann to pop Apple's iPhone device.)

Conference organizers at EuSecWest in Amsterdam are dangling $200,000 in cash prizes to security researchers who demonstrate zero-day attacks against the most widely deployed smart phones.

The cash bounty will form part of Mobile Pwn2Own 2012, a special edition of the hacker challenge that pits vulnerability finders and exploit writers against fully patched computers and smart phones.

TippingPoint ZDI, which is sponsoring the contest along with AT&T and BlackBerry, says the primary goal is to demonstrate the current security posture of the most prevalent mobile technologies in use today, including attacks on mobile web browsers, Near Field Communication (NFC), Short Message Service (SMS), and the cellular baseband.

follow Ryan Naraine on twitter

The organizers plan to shell out a $100,000 prize for a successful hack of the cellular baseband and $40,000 each for zero-day exploits against NFC and SMS. For a mobile web browser hack, Pwn2Own will pay $20,000.

TippingPoint ZDI says each contestant will be allowed to select the device they wish to compromise during a pre-registration process. 

"The only requirement is that it be a current device and running the latest operating system. The exact OS version, firmware and model numbers will be coordinated with the pre-registered researcher," the company said.

Some examples of devices include:

  • BlackBerry Bold 9930
  • Samsung Galaxy SIII
  • Nokia Lumia 900
  • Apple iPhone 4S

For an attack to be deemed successful, it must use a zero-day vulnerability and must require "little or no user interaction."

To win the prize, hackers must also compromise or exfiltrate useful data from the phone.

"Any attack that can incur cost upon the owner of the device (such as silently calling long-distance numbers, eavesdropping on conversations, and so forth) is within scope," the company explained.

A special RF isolation enclosure will be provided to facilitate hacks without breaking local laws. 

Mobile platforms have been a staple at previous Pwn2Own contests but, apart from a few hits on Apple's iPhone and RIM's BlackBerry, they have emerged mostly unscathed.

  • Better to spend that 200K on an android security public

    awareness campaign to instruct owners of android devices that they should leave them powered off at all times if they wish to remain secure :-)
    Johnny Vegas
    • A redmondish joke?

      First promote it with the Windows devices of all kinds. Report back to us
      • I know.

        How dare he make fun of Android. This is a religion he's insulting!
        William Farrel
  • It will

    It will likely be Mobile IE or Safari compromised first!
  • we got ferrel and vegas

    can loverock be far behind?

      Everywhere on this site people are asking about me. My fan club is awesome. Thank you for being a part of it.
      Loverock Davidson-
  • Pad and pencil

    If I can get a 1 lb Nexus for $200 all I need then is a wireless keyboard (and a stand for the screen).

    The ASUS Transformer fits the bill, but at $400 to $500 too pricey.

    At $200 I can leave it on the plane.

    Really we're talking about pocket calculators here...I should be able to get a pad soon, when they figure out how to print them on a plastic roll...for the price of a pad! (Paper pad that is...)