Hacking contest to test iPhone's security

2»

Comments

  • Reply 21 of 33
    Quote:
    Originally Posted by meelash View Post


    .... yeah, for the first day. Then when the iPhone is not hacked they'll "loosen" the rules on the second day so that they can get some juicy headlines.



    Isn't that what happened last year?



    They never allowed physical access, they loosened the rules so the contestant could ask an operator on the laptop to do typical tasks. In this cas he asked the operator to visit a website which contained an exploit code using a flaw in Safari.

    I think this is a perferctly valid hack, thanks to the hacker to have discovered the flaw and thanks to Apple to have fixed it.
     0Likes 0Dislikes 0Informatives
  • Reply 22 of 33
    meelashmeelash Posts: 1,045member
    Quote:
    Originally Posted by cozagada View Post


    They never allowed physical access, they loosened the rules so the contestant could ask an operator on the laptop to do typical tasks. In this cas he asked the operator to visit a website which contained an exploit code using a flaw in Safari.

    I think this is a perferctly valid hack, thanks to the hacker to have discovered the flaw and thanks to Apple to have fixed it.



    The fact that they "loosened" the rules at all shows what they're really about- headlines.



    It wouldn't have been very exciting if the end of the conference summary was that nobody won....
     0Likes 0Dislikes 0Informatives
  • Reply 23 of 33
    Quote:
    Originally Posted by Dorotea View Post


    Hmmm.



    People with way too much time on their hands.



    Like the morons posting here whining about this.



    It's super useful to have these devices hacked in a controlled setting instead of going undiscovered for months while the real bad guys are stealing your info. Ohhh, and watch out for those (hushed tone)... h-a-c-k-e-r-s. (hold me, I'm scared!)

     0Likes 0Dislikes 0Informatives
  • Reply 24 of 33
    Quote:
    Originally Posted by AppleInsider View Post


    After being humbled last year at the high-profile CanSecWest security conference, Apple faces further scrutiny as the same event organizers not only plan to test the Mac's defenses but, for the first time, the iPhone's as well.



    3Com's security branch, TippingPoint, says that the 2009 edition of the Pwn2Own challenge will ask security experts and others attending the Vancouver, Canada event to hack smartphones, not just computers, in an attempt to find exploits that would allow arbitrary code.



    I wish this TippingPoint thing would die. There were so many problems with how that contest was conducted and reported that it really just boiled down to being a publicity stunt for the event.



    It was reported like it was a methodical security test when in fact the contestants got to walk away with any hacked machines. Therefore it's no surprise the highly desireable Macbook Air was the first to be targeted and the first to go down. Second, the hackers only failed to get Windows first because it was running a service pack none of them expected. Third, OS X and Windows were both only compromised *after* the hackers were allowed to direct a user's behavior on the machines which, in effect, equals physical access which pretty much nullifies any conclusions you might want to draw about security.



    You know, the tech press had a field day with that event and they let the real headline walk right by them: the fact that all three platforms withstood the network-based attacks of the first day. That's amazingly good news and shows how far security on *all* platforms has come, but I didn't see anyone other than me in my blog reporting that.
     0Likes 0Dislikes 0Informatives
  • Reply 25 of 33
    meelashmeelash Posts: 1,045member
    well said.
     0Likes 0Dislikes 0Informatives
  • Reply 26 of 33
    hill60hill60 Posts: 6,992member
    Will they allow bluetooth access?



    Hopefully that will stop the constant complaints about the iPhones's disabled bluetooth stack.



    If not maybe a bluetooth exploit can be triggered by something contained in an MMS?
     0Likes 0Dislikes 0Informatives
  • Reply 27 of 33
    pxtpxt Posts: 683member
    Quote:
    Originally Posted by teslacoil6603 View Post


    make it a real challenge and prevent physical access to the test machines.

    No social engineering tricks should be allowed.



    I think both physical access and social engineering should be included. These are part of the real-world security challenge that we face and want to be protected from.
     0Likes 0Dislikes 0Informatives
  • Reply 28 of 33
    meelashmeelash Posts: 1,045member
    Quote:
    Originally Posted by PXT View Post


    I think both physical access and social engineering should be included. These are part of the real-world security challenge that we face and want to be protected from.



    Yeah, because in the real-world strangers have physical access to my PC. \



    And, by definition, no one can protect you against social engineering except yourself.
     0Likes 0Dislikes 0Informatives
  • Reply 29 of 33
    allow mms attacks. that makes the whole thing less interesting...



    TERRI FORSLOF WED 25 FEB 2009 00:09A



    Quote:

    Winning scenarios against the mobile devices include attacks that can be exploited via email, SMS text, website browsing and other general actions a normal user would take while using the device. Physical access will not be granted to the mobile devices, and proving successful exploitation of one of the mobile devices will be verified by our team of hardware hacker judges on the ground at the event.



     0Likes 0Dislikes 0Informatives
  • Reply 30 of 33
    hill60hill60 Posts: 6,992member
    Can you use a real virus that already exists?



    Just send an SMS containing a link to the SymbOS/Yxes worm as soon as you can get a phone number, Game Over Symbian within seconds.
     0Likes 0Dislikes 0Informatives
  • Reply 31 of 33
    monstrositymonstrosity Posts: 2,234member
    Quote:
    Originally Posted by hezekiahb View Post


    I think that comment makes no sense, what is their malicious intent? .



    To create security problems where there was once no security problems, come on wise up These companies want to build a hacker base for the iphone... and make profit on it.



    Its bad for everyone bar them, dont kid yourself they are nice friendly folk doing good deeds.
     0Likes 0Dislikes 0Informatives
  • Reply 32 of 33
    hill60hill60 Posts: 6,992member
    I take it from the lack of screaming headlines that the hacker's attempts were somewhat unsuccessful.
     0Likes 0Dislikes 0Informatives
  • Reply 33 of 33
    freddychfreddych Posts: 266member
    Quote:
    Originally Posted by hill60 View Post


    I take it from the lack of screaming headlines that the hacker's attempts were somewhat unsuccessful.



    Another bump:



    http://www.engadget.com/2010/03/25/i...t-11/#comments
     0Likes 0Dislikes 0Informatives
Sign In or Register to comment.