At the Pwn2Own competition, held as part of the PacSec security conference in Tokyo, the iPhone X, Samsung Galaxy S9, and Xiaomi Mi6 were all exploited by top white hat hackers.
- Hacking team Fluoroacetate managed to hack the Xiaomi Mi6 via the NFC component. They used the touch-to-connect feature to open the web browser on the phone and navigate to a web page that exploited an out-of-bounds write vulnerability, leading to code execution. For this, they were awarded $30,000.
- The same group then targeted the Galaxy S9, using a heap overflow in the baseband component, which is responsible for the cellular radio. For this, they were awarded $50,000.
- Next, they moved on to the iPhone X, staging a WiFi attack by exploiting a vulnerability in the web browser and an out-of-bounds write bug for the sandbox escape and escalation.
- At the start of day 2, Fluoroacetate managed another 0-day exploit against the iPhone X (netting them $50,000) and another against the Xiaomi Mi6 (earning them $25,000).
- MWR Labs managed to stage a silent app installation on the Xiaomi Mi6 and steal photos from the phone. This earned them $25,000.
- Fluoroacetate were declared the winners, earning a total of 45 points and $215,000 USD and the title “Master of Pwn”.
We are sure this conference has provided some valuable information to the creators of the three flagship phones that were exploited. The white hat hackers managed to prove that there’s still a way to go to secure our devices from malicious attackers.
The full details of the vulnerabilities and exploits discovered will be made available, allowing vendors to patch deployments. For now, these vulnerabilities remain in the flagship phones, putting users at risk until patches are released.