iPhone 7, Samsung Galaxy S8, Others Hacked in Pwn2Own

Researchers participating in the Mobile Pwn2Own 2017 competition developed exploits for the iPhone 7, Samsung Galaxy S8, and others.

Dark Reading Staff, Dark Reading

November 2, 2017

1 Min Read
Dark Reading logo in a gray background | Dark Reading

Participants in the Mobile Pwn2Own 2017 competition successfully hacked into Apple's iPhone 7, Samsung's Galaxy S8, and Huawei's Mate 9 Pro during the first day of competition, according to event organizer Trend Micro's Zero Day Initiative (ZDI).

The two-day event offers prize money in excess of $500,000 and the $345,000 was earned during the first day, according to a SecurityWeek report. All vulnerabilities exploited during the competition will be disclosed to the vendors and they will have 90 days to issue a fix before ZDI issues a limited advisory with mitigation suggestions, according to ZDI.

A team from Tencent Keen Security Lab discovered four vulnerabilities in the Apple iPhone 7 running iOS 11.1, that could lead to a remote code execution through a WiFi bug and escalate privileges to persist through a reboot, ZDI says. The Tencent team earned $110,000 for the four bugs.

360 Security, meanwhile, found a bug in the Samsung Internet browser, in which privileges could be escalated in a Samsung app to also persist through a reboot, notes ZDI. 360 Security earned $70,000 with their demonstration.

Learn more about the Mobile Pwn2Own 2017 competition here.

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights