Yesterday I wrote about the possibility of hacking an Apple device just by opening an image or a PDF; today I want to inform you that the Keen team hacked a Nexus 6P in five minutes at the Mobile Pwn2Own contest.
Yes, you’ve got it right! The Keen hackers compromised the Nexus 6P using malware that doesn’t require user interaction, and the entire attack lasted less than five minutes.
This year two teams participated in the competition: the Tencent Keen Security Lab Team, and Robert Miller and Georgi Geshev from MWR Labs.
The hackers of the Keen Team won US$102,500 in prizes for this hack; the overall prize pool for the various hacks is US$375,000, awarded by Trend Micro’s Zero Day Initiative (ZDI). The team also received 29 Master of Pwn points for the exploit.
The researchers exploited a combination of two vulnerabilities and other Android security issues.
In the contest, hackers target a wide range of devices, including the Nexus 6P, Apple iPhone 6S, and Samsung Galaxy S7.
Keen also targeted the iPhone 6S, attempting to install a malicious app, but the attack was only partially successful because the application did not gain persistence due to a default configuration setting. In this case, the hackers earned $60,000 of $125,000 for the flaw they exploited.
The Keen Lab team also earned $52,500 and a further 16 Master of Pwn points for stealing photos from an iPhone 6S via a use-after-free vulnerability in the renderer and a memory corruption bug in the sandbox. It is interesting to note that the attack was successful even though Apple has released the new version of its mobile OS, iOS 10.1.
The second team, composed of Miller and Geshev from MWR Labs, attempted to install a malicious app on a Nexus 6P, but their exploit was unstable due to a recent improvement in the Chrome browser.
Of the overall payout of $375,000, researchers earned $215,000.
It is important to praise the spirit of the experts who participated in Mobile Pwn2Own 2016. By selling their exploits to intelligence agencies or to a zero-day broker firm, they would have earned much more.
(Security Affairs – Mobile Pwn2Own, hacking)