Hacked: Hacking Finance


Chinese White Hats Win $200,000 for Hacking iPhones, Google Devices


Introduction

This article was posted on Wednesday, 12:27, UTC.

 


Keen Lab, a popular crew of Chinese hackers, are this year’s winners of the Pwn2Own contest, a hackathon run in Japan by security firm Trend Micro’s Zero Day Initiative (ZDI), after hacking Apple’s iPhone and Google’s Nexus device.

Keen Lab compromised the iPhone 6s by targeting two iOS vulnerabilities to steal pictures from an iPhone, according to Forbes. For that hack alone, they were awarded $52,500. Furthermore, they also installed a rogue application on the iPhone 6s. However, that app did not survive beyond a reboot of the phone, due to a default iPhone security configuration that prevented persistence of malware. Still, ZDI bought the bugs used by the hackers for $60,000.

A blog from Trend Micro revealed:

Keen Labs leveraged a use-after-free (UAF) bug in the renderer and a memory corruption bug in the sandbox to take photos off an iPhone 6S.

Meanwhile, on the Nexus 6P, Keen Lab installed a malicious app on the device before repeating the attack three times. For this specific hack, they received an eye-watering sum of $102,500. Keen combined two separate bugs, along with other vulnerabilities that remain undisclosed, on the Android platform.

ZDI chief Brian Gorenc spoke about Keen’s research to find vulnerabilities, stating:

These are critical in nature as they allow an attacker to disclose sensitive information or install a malicious application. We’ve seen similar exploits recently used in the wild.

Furthermore, he noted that all the successful exploits showcased during the hacking event were triggered by routing a connection to a malicious website via a web browser. While the exploits aren’t trivial to develop, particularly on the iOS platform, the damning fact still underlines the ease with which an unsuspecting target can turn into a victim.

As white-hat hacking endeavors go, the vulnerabilities were instantly disclosed to Apple and Google, the developers behind two of the biggest mobile platforms in the world. While patches are currently being developed, it could be months before a patch is revealed and the exploit is plugged, Gorenc added.

Keen Lab are perhaps most notable for their much-publicized hacking exploits of the Tesla Model S this year.

The Tesla Model S was hacked by Keen Lab this year.


In one experiment, the group of Chinese hackers devised a contactless remote control that went on to open the Tesla’s sunroof, initiate its steering lamp and move the car’s seats, all from afar. The other exploit showcased the hackers’ ability to take complete control of the car away from the driver in the vehicle.

Featured image from Pexels.


Samburaj Das


Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.
