The 2016 edition of Mobile Pwn2Own has wrapped, and the contestants demonstrated some unique attacks against the iPhone 6S and Nexus 6P.

By the end of the day, researchers showed how phones – even while running the latest software and patches – could have a rogue application installed and pictures or data stolen. With multiple successful exploits, Tencent Keen Security Lab Team claimed the title of Master of Pwn with 45 points and $215,000 total awarded.

The competition started with Tencent Keen Security Lab Team targeting a Google Nexus 6P. Their attempt to install a rogue application succeeded earning them $100,000. They combined two different bugs in Android then leveraged other weaknesses within the OS on their first and subsequent attempts. By acing all three attempts, they earned the sniper, strength, and stealth style point bonuses. In the end, they tallied up $102,500 USD and 29 points towards Master of Pwn.

Next, Tencent Keen Security Lab Team targeted the iPhone 6S with a rogue application. The app did install, but it didn’t persist after a reboot of the phone. As such, this only counts as a partial success. Still, they used some interesting bugs that should be fixed. These bugs earned them a $60,000 USD award but no Master of Pwn points.

Leave a Reply

Please Login to comment
2 Comment threads
0 Thread replies
Most reacted comment
Hottest comment thread
1 Comment authors
HanTang Recent comment authors
Notify of