Chinese White Hats Win $200,000 for Hacking iPhones, Google Devices | Hacked: Hacking Finance
Hacked: Hacking Finance

Cybersecurity

Chinese White Hats Win $200,000 for Hacking iPhones, Google Devices

Posted on .

Chinese White Hats Win $200,000 for Hacking iPhones, Google Devices

Introduction

This article was posted on Wednesday, 12:27, UTC.

 

// -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- //

The Pwn2Own contest, a hackathon run by security firm Trend Micro’s Zero Day Initiative (ZDI) in Japan sees this year’s winners in Keen Lab, a popular crew of Chinese hackers who hacked Apple’s iPhone and Google’s Nexus device.

Keen Lab compromised the iPhone 6s by targeting two iOS vulnerabilities to steal pictures from an iPhone, according to Forbes. For that hack alone, they were awarded $52,500. Furthermore, they also installed a rogue application on the iPhone 6s. However, that app did not survive beyond a reboot of the phone, due to a default iPhone security configuration that prevented persistence of malware. Still, ZDI bought the bugs used by the hackers for $60,000.

A blog from Trend Micro revealed:

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

Keen Labs leveraged a use-after-free (UAF) bug in the renderer and a memory corruption bug in the sandbox to take photos off an iPhone 6S.

Meanwhile, the Nexus 6P saw Keen Lab install a malicious app on the device before repeating the attack three times. For this specific hack, they received an eye-watering sum of $102,500. Keen combined two separate bugs, along with other vulnerabilities that remain unveiled, on the Android platform.

ZDI chief Brian Gorenc spoke about Keen’s research to find vulnerabilities, stating:

These are critical in nature as they allow an attacker to disclose sensitive information or install a malicious application. We’ve seen similar exploits recently used in the wild.

Furthermore, he noted that all the successful exploits showcased during the hacking event were triggered by routing a connection to a malicious website via a web browser. While the exploits aren’t trivial to develop, particularly with the iOS platform, the damning fact still underlines the ease in which an unsuspecting target can turn into a victim.

// -- Get exclusive consultation for as low as $249 per month on MoneyMakers.com -- //

As white-hat hacking endeavors go, the vulnerabilities were instantly disclosed to Apple and Google, the developers behind two of the biggest mobile platforms in the world. While patches are currently being developed, it could be months before a patch is revealed while the exploit is plugged, Gorenc added.

Keen Lab are perhaps most notable for their much-publicized hacking exploits of the Tesla Model S this year.

The Tesla Model S was hacked by Keen Lab this year.

The Tesla Model S was hacked by Keen Lab this year.

The group of Chinese hackers devised a contactless remote control that went on to open the Tesla’s sunroof, initiate its steering lamp and move the car’s seats, all from afar, in one experiment. The other exploit showcased saw the hackers’ ability to take over complete control of the car, away from the driver in the vehicle.

Featured image from Pexels.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.



Feedback or Requests?

Samburaj Das

Samburaj Das

Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.

There are no comments.

View Comments (0) ...
Navigation
The team:
Dmitriy Lavrov
Analyst
Dmitriy Lavrov is a professional trader, technical analyst and money manager with 10 years of trading experience. He covers Forex, Commodities and Cryptocurrencies. He is among the top 10 most Read More
Jonas Borchgrevink
Founder
Jonas Borchgrevink is the founder of Hacked.com and CryptoCoinsNews.com. He is a serial entrepreneur, trader and investor. He shares his own personal journey on Hacked.com. // -- Discuss and ask Read More
P.H. Madore
ICO Analyst
P. H. Madore lives in Arkansas with his wife and children. He has covered the cryptocurrency beat over the course of hundreds of articles for Hacked’s sister site, CryptoCoinsNews, as Read More
Mate Csar
Analyst
Trader and financial analyst, with 10 years of experience in the field. An expert in technical analysis and risk management, but also an avid practitioner of value investment and passive Read More
Justin O’Connell
Journalist
Justin O’Connell is a cryptocurrency journalist who works have appeared in the U.S.’s third largest weekly, the San Diego Reader & VICE. // -- Discuss and ask questions in our community Read More
Mati Greenspan
Analyst
Senior Market Analyst at Etoro.com. // -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- // Important: Never invest Read More
Rakesh Upadhyay
Analyst
Rakesh Upadhyay is a Technical Analyst and Portfolio Consultant for The Summit Group. He has more than a decade of experience as a private trader. His philosophy is to use Read More
Pamela Meropiali
Account Manager
Pamela Meropiali is responsible for users on Hacked.com. // -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- // Read More
Joseph Young
Journalist
Joseph Young is a finance and tech journalist & analyst based in Hong Kong. He has worked with leading media and news agencies in the technology and finance industries, offering Read More
Jobs in a long slate of industries are vanishing into…