It is now officially over – the 2016 edition of Mobile Pwn2Own, an event that has been bringing together the best of hackers at the CanSecWest security conference since 2007.
This year’s event saw researchers try to show the world that the Google Nexus 6P and Apple iPhone 6S can be breached and rogue apps installed even when the latest security patches have been installed. With this, it is possible for the hackers to steal your personal data, which includes photos and other media on your phone. The winners came from Tencent Keen Security Lab Team, taking home a total of $215,000 alongside 45 points for the title of Master of Pwn.
The first to go against the team of hackers was the Google Nexus 6P. The team successfully installed a rogue application on the flagship, a feat that earned them $100,000. The team combined two bugs and then leveraged other vulnerabilities within the Android OS on their way to successfully breaching the Google Nexus 6P three times. As a result, they were awarded bonus points with respect to the sniper, strength and stealth classes. In the end, Google was eventually parting with up to $102,500 for the successful hack of the Nexus 6P, with the team bagging a total of 29 points towards earning the Master of Pwn.
The next in line was the Apple iPhone 6S and just like the Google Nexus 6P, there was success in breaching the Apple phone. However, the vulnerability did not persist after the phone was restarted, meaning the success is considered partial. Nonetheless, this earned the team a total of $60,000 but no points were awarded towards the Master of Pwn.
The same team also targeted the iPhone 6S with another attack aimed at stealing photos stored on the phone. This attempt was a success and earned them a total of $52,500 alongside 16 points for sniper and stealth, adding to the initial 29 collected from Google Nexus 6P hacking.
Given that the Tencent Keen Security Lab Team has made two successful hacking attempts on the Google Nexus 6P and iPhone 6S as well as had partial success with a third attempt on the latter, it was crowned the Master of Pwn with a total of 45 points earned and a cash prize of $215,000.
The team mentioned that it has forwarded details of the vulnerabilities to both Google and Apple and we should be expecting the security holes to be addressed with upcoming software updates.