iOS, BlackBerry OS fall at Pwn2Own

By on Mar 11, 2011 at 11:33 PM
Security March 11, 2011

Add Apple’s iOS and Research In Motion’s BlackBerry OS to the list of victims at this year’s Pwn2Own challenge. Conference veteran Charlie Miller, along with Dion Blazakis, deployed an exploit to iOS 4.2.1 through a vulnerability in Safari. By navigating to a custom-made webpage, the duo were able to execute remote code and gain access to the iOS address book. Vincenzo Iozzo, Willem Pinckaers, and Ralf Philipp Weinmann also utilized a WebKit-based vulnerability to take down a BlackBerry Torch running BlackBerry OS 6.0.0.246. The three researchers noted that the exploit used on the BlackBerry’s mobile OS was difficult to craft due to the lack of documentation, software tools, and resources available. They also noted that most of the operating systems security was achieved via obscurity, and stated that the company was “way behind the iPhone at the moment, from a security perspective.” No conference participants have yet to challenge Google’s Android or Microsoft’s Windows Phone 7 operating systems.

Read

Tags:
, , , , , , , , , , , , ,
46 Comments

Related Articles

  • pappyofgoofannation

    trolls in 5.
    4
    3
    2
    1

    • http://thesistown.com/writing/tips/dissertation-thesis dissertation thesis

      oh no))) i think even sooner))))

    • Iconic

      That’s great stuff

  • dwinsmith

    What about iOS 4.3?

    And why weren’t Android browser and IE on WP7 challenged?

    • http://pulse.yahoo.com/_GP2WYAHXS6CRUREISWBGPUSUGE Michael

      Google’s Chrome, both Mobile and Desktop Version have yet to have someone crack them. Once they get in, they cannot get out.

      • dwinsmith

        There is no Chrome mobile. The Android browser is not Chrome.

  • Anonymous

    someone will say iOs 4.4 wont have flaws

  • Anonymous

    Any OS can be hacked. At these competitions, everyone but Google and Mozilla are always on the chopping block first. Especially Apple and Microsoft.

    Poor RIM though, they’re dying, have a heart.

  • Anonymous

    No need to hack Android. . .just load an app.

    Flame away, Fandroid suckers.

    • Lorenzoo90

      I think you mean fagdroids

      • atlharry

        So original! iFag.

      • LIFESAYS…

        im guessing you’re a bottom… i bet you’re happy that the android has thumbs now.

    • atlharry

      And that’s worse than just visiting a website… how?

    • http://www.youtube.com/watch?v=AR6HpRLyzMY Walter Sobchak

      You are just priceless!

      • Anonymous

        THIS IS WHAT HAPPENS WHEN YOU FUCK A STRANGER IN THE ASS!

    • Anonymous

      So you can hack an iOS device by going to a WEBSITE. But that’s more secure than someone intentionally downloading an application? Really?

    • Anonymous

      lol Funny and true. But was this not patched on 4.3

  • Bobdonhim

    BB is behind Apple in security…these geeks credibility just went out the window. Heck, the way BGR is these days, they probably crafted this themselves.

    • numetheus

      So, to say anyone is behind BlackBerry in security instantly discredits them? Wow you’re an ignorant BlackBerry snob.

  • Lame

    lol @ way behind the iPhone. Last time I checked there weren’t any videos of BlackBerry passwords being stolen in less than 60 seconds. Not to mention that an OPEN SOURCE webkit browser was the cause of the exploit.

    This site is so lame…honestly.

    • Anonymous

      Ah. So you like to occupy your time with things you believe to be lame? That only makes sense if you’re a moron.

      Oh, wait.

  • Anonymous

    Big deal this happens to apple every year nothing to see here its an annual event a feature move along blackberry on the other hand

  • Todd

    There were indeed scheduled challengers to Android and Windows phone 7… they just didn’t show up.

    • numetheus

      They got a call for pizza delivery and were held up by traffic.

  • BerryKing

    By the way, for all of you fagdroids suckers and icrap fanboys to know, part of the blackberry webkit browsers code is partly base on some iOS browser code! so we can already see where the vulnerability came from!

    Also, how can the Blackberry be behind Apple when they specifically said them selfs that “The three researchers noted that the exploit used on the BlackBerry’s mobile OS was difficult to craft due to the lack of documentation, software tools, and resources available.” BGR, im starting to believe that you are loosing ALOT of credibility. And all other sites that are talking about PWN2OWN event, hasnt stated what BGR is stating that those guy said about BB being behind Apple in security!!

    Anyway, it all ends by saying Blackberry is the Shit!!
    Hail to the Playbook!

    • http://pulse.yahoo.com/_GP2WYAHXS6CRUREISWBGPUSUGE Michael

      you have a platform that does not release it’s SDK, nor it’s coding and they frakking cracked it? And for you to blame BBOS short coming or iOS or Google’s OS is pretty lame. They all three use a Web-Kit style browser. That is where the similarities STOP. They are all in competition with each other and what is one of the major draw points to a smart phone. The browser. So please quit acting like it a was fluke that it was cracked due to a faulty coding error in iOS.

      • BerryKing

        No act! Just facts!
        And i never said it was a fluke! Just stating BGR is not consistent in their article and what they are stating! Also, webkit codes is open platform! This is not BBOS directly responsible for this! If it had the old lousy browser (Yes even BB fan do admit that the old browser was lame and a pain in the ass) it wouldnt of happened! So thats basically a results of the demand of the mass of having an open source webkit browser. So the problem does not reside in the OS itself but in the same DANM freakin code base webkit that all of those platforms use!
        FUCK people READ GOD DANM IT!!
        Blackberry is the Shit!!
        Hail to the Playbook!

      • http://pulse.yahoo.com/_GP2WYAHXS6CRUREISWBGPUSUGE Michael

        You are all jacked up on KoolAid and trolling pretty hard their kid.

        First it was iOS’s fault and now it’s the demands of the masses. Okay which is it.

        And if it was a WebKit design flaw why hasn’t Google Chrome nor FireFox fallen yet?

      • BerryKing

        @Michael
        I believe your stuck on some really wak cheap home made brand while i use koolaid dumb fuck!

        Obviously you cant figure it out for your self cant you???
        The iOS webkit is one of the first on the market! Obviously part of the code, and i repeat, part of the code is from iOS. And BB decided to go the webkit way because of the mass demand and the fact that in terms of rendering performance, it is better than their old browser!
        Jesus!! Your worst than a 4th grader!! LOL Cant understand shit and we need to explain you everything cause even if u are a grown man, your just a fuckin ignorant ass little girl still piing in her pants! LOL
        And if you would of followed PWN2OWN you would of known that the groups scheduled for chrome and firefox canceled and didnt come at all. And its not because they cant crack it you Moron, but more for personal reason you idiot!
        Go change your diapers now that you got educated! lol
        Blackberry is the Shit!!
        Hail to the Playbook!

  • Dan

    BGR #FAIL…………….This article is trash

  • Max

    Blackberry is for Morons so I’m not surprised at all. When you shovel out 2002 software in 2011, expect to get hacked. But when you’re catering to MORONS, who needs updated technology? Not the BB Tech Mental Midget Brigade.

    • BerryKing

      Dude, YOU sound like a MORON obviously! You dont know jack shit about neither of all 3 platform and your stating that BB got hacked due to the software which YOU are the only MORON that believes its from 2002. Fuckin Morons! Those Fagdroids guys actually sound educated when they talk (Sometimes) and iCrap fanboys at least know their product inside out! But you dont know JACK SHIT!
      Wow! If Ignorance and stupidity was a profession, you would be the teacher! LOL

      • http://twitter.com/BuckWheaties Duhwayne D’Zyre Reed

        Lemme guess, you got a thing for hurting small animals dont you?

    • Bobdonhim

      The iPhone has looked the same since day one (both hardware and OS) and if the rumors are true, nothing changes with iPhone 5. Apple is so 2004!

  • Jmotyka07

    You people are honestly the dumbest trolls I’ve ever seen! You argue over the most rediculous topics. I feel like most of you just like to hear yourselves talk and one up each other grow up. Ps there will always be security holes!!!!!!!

  • http://pulse.yahoo.com/_GP2WYAHXS6CRUREISWBGPUSUGE Michael

    I’d love to see the guys @ Crackberry’s faces when they read this.

  • http://twitter.com/BuckWheaties Duhwayne D’Zyre Reed

    @berryking you need some schoolin son, your grammar stinks! Your attitude isn’t much better.

    • BerryKing

      Who the fuck cares about grammar! You need to stay in school if you wanna correct peoples spelling mistakes! this is a blog dumb ass! Im not writing a novel here! Unnecessary and dumb comment! Go on a spelling grammar blog instead!

      • http://twitter.com/BuckWheaties Duhwayne D’Zyre Reed

        LOL!

  • Max

    Hi I’m a Blackberry Moron. If it doesn’t have a physical keyboard, bbm, and brick breaker, I dont want it.

    • BerryKing

      According to you, that joke should of been funny bak in 2002! Now its just old and wak! You really suck dude! you are worst than a RIM job like your fellow fagdroids and iCrap fanboys like to say it! Lame!

  • Shetty Macnamara

    Why anyone compares operating systems and devices is beyond me. The big 3, apple, blackberry and android each have their relative place in the market. Comparing a blackberry to an iphone is like comparing a mack truck to a plush RV and saying the mack truck sucks because it doesn’t have a kitchen. Some like blackberries because they have a specific need for one and others like apple for the same reason. Obviously one will do things much better than the other, and one will have issues that the other doesn’t have. One great thing about android is that they’ve left it to the handset manufacturer to do the design, while apple and blackberry haven’t. It would be cool to see blackberry allow other manufacturers use their operating system just like they did a few years back with bb connect.

    • BerryKing

      While I do share part of your comment, I would like to bring just a small correction to it: Blackberry connect was not the OS that they ported on other devices like Nokia and Windows phone. It was only a “Bridge ” if we can call it like that, to the BIS so that external devices would be able to log into that infrastructure and get a PIN assigned to their handheld so they can use such service like BBM. Unfortunately, RIM has terminated the program and services related to that awhile ago!

  • Anonymous

    Attention all the posters above me flaming one another calling each other out as morons. I would call every single one of you a dumb bunch of fags but that would be a huge insult to the gay people of this world who unlike yourselves actually have brains. Any fucking platform can be hacked if given time ANY PLATFORM. Now stop acting like such a bunch of dumb cunts get off the internet and go get your grade 6 homework done you bunch of stupid little bastards.

  • http://www.nextgensmartphone.com/ Predamarius

    Very interesting, thanks.

  • http://caspan.com Caspan

    I would love to actually have them explain how they believe the BlackBerry is behind the iPhone on security. If it is it is but explain other then just an opinion.

    As well they don’t explain did this circumvent the requirement for user required trusted application status or how was this exactly run? People just throw out blank statements like the BlackBerry got hacked with not real details like the user was required to hit yes 3 times after installing an app for this to work.

    If in fact a user just visited a web site and 3 seconds later people had access to your data I would like to know that.

blog comments powered by Disqus