Sunday, September 23, 2012

Blog Entry #6: And the score is Apple 0, Samsung 0


On the lighter side of things, it still rings true that any piece of hardware can be hacked. Dan Goodin reported on a few of the goings-on at the sixth annual mobile Pwn2Own contest, being held at the EUSecWest security conference in Amsterdam. Perhaps the most notable piece of news to come out of the contest was the fact that security researchers from Certified Secure and from MWR Labs were able to commandeer an Apple iPhone 4S using iOS 5 and a developer version of iOS 6, and a Samsung Galaxy S3 running Android 4.0.4. The news of this came just days before the highly anticipated release of the new iPhone 5. The exploit allowed the team to “pilfer the address book, photos, videos, and browsing history from the iPhone 4S”. It is believed that since they were able to perform the hack on the developer version of the iOS 6 software, the hack will work on the new iPhone and other Apple devices running the OS. While this may not be the end of the world, it is a bit scary to see that nothing is safe in this world. The Android hack contains an exploit that penetrates its Near Field Communication feature. When I was reading through the article and saw this, I had to gasp for a second. This was one of the features that sold me on buying my shiny new Galaxy S3 over waiting for the new iPhone. According to the article, the hack works like this:

“it used a new feature known as Near Field Communication to upload a malicious file to the device. The file was then able to bypass security mitigations including address space layout randomization, data execution prevention, and application sandboxing so it could eventually execute.”

I tend to be biased when it comes to Apple stuff; I am not a big fan. So, I should mention that most in the industry still consider the iPhone to be the most secure mobile device. The biggest piece of advice the article gives is that, regardless of your choice of phone, do not do “anything of value” on it.
