http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9130346 By Gregg Keizer March 24, 2009 Computerworld None of the five smartphones slated for attack at last week's PWN2OWN hacking contest was compromised, a sign that security researchers have yet to adapt to the limitations of mobile, said the company that put up the prize money. "With the mobile devices so limited on memory and processing power, a lot of [researchers'] main exploit techniques are not able to work," said Terri Forslof, manager of security response at 3Com Inc.'s TippingPoint unit, which sponsored the contest. Although three of the four browsers that were targets at PWN2OWN quickly fell to a pair of researchers -- netting one of contestants $5,000 and the other $15,000 -- none of the smartphones was successfully exploited. TippingPoint had offered $10,000 for each exploit of any of the phones, which included Apple Inc.'s iPhone and the Research in Motion Ltd.'s BlackBerry, as well as phones running the Windows Mobile, Symbian and Android operating systems. "Take, for example, [Charlie] Miller's Safari exploit," said Forslof, referring to Miller's 10-second hack of a MacBook via an unpatched Safari vulnerability that he'd known about for more than a year. "People wondered why wouldn't it work on the iPhone, why didn't he go for the $10,000?" she said. "The vulnerability is absolutely there, but it's a lot tougher to exploit on the iPhone." [...] _______________________________________________ Best Selling Security Books and More! http://www.shopinfosecnews.org/Received on Wed Mar 25 2009 - 00:16:04 PDT
This archive was generated by hypermail 2.2.0 : Wed Mar 25 2009 - 00:29:57 PDT