iPhone Survives Pwn2Own Contest
After the Mac went down in 10 seconds using a Safari exploit at this year’s Pwn2Own hacking competition, we figured the iPhone didn’t stand a chance. Now we’re pleasantly surprised to hear that the iPhone 3G survived the entire contest without being hacked. In fact, not a single one of the five smartphones entered were hacked in the alloted time.
Interestingly, it wasn’t because the iPhone’s Safari browser was more secure that kept it from being hacked. It was actually the device’s less powerful hardware that kept it from being able to handle the exploit methods used on the Mac OS.
“With the mobile devices so limited on memory and processing power, a lot of [researchers'] main exploit techniques are not able to work,” said Terri Forslof, manager of security response at 3Com Inc.’s TippingPoint unit, which sponsored the contest.
“Take for example, Nils’ Safari exploit,” said Forslof, referring to the German computer science student’s hack of the Apple browser, just one of three browsers he broke in short order. “People wondered why wouldn’t it work on the iPhone, why didn’t he go for the $10,000?” she said. “The vulnerability is absolutely there, but it’s a lot tougher to exploit on the iPhone.”