Who survived this three-way hackathon: Android, iOS, or Windows Phone?

Microsoft, take a bow: Windows Phone survived this year's version of a hacking competition where contestants managed to pwn devices running on other operating systems.

 

Hewlett-Packard, whose Zero Day Initiative organized this year's Pwn2Own, said a contestant extracted cookies from Windows Phone but failed to take control of it.

 

"Nico Joly – who refined his competition entry on the very laptop he won at this spring’s Pwn2Own in Vancouver as part of the VUPEN team – was the sole competitor to take on Windows Phone (the Lumia 1520) this year, entering with an exploit aimed at the browser. He was successfully able to exfiltrate the cookie database; however, the sandbox held and he was unable to gain full control of the system," HP said.

 

On the other hand, this could be partially because several teams competed to take down the other platforms like iOS and Android, and even Amazon Fire Phone on Day One.

 

HP said South Korean competition veterans lokihardt@ASRT used a two-bug combination that pwned the Apple iPhone 5S via the Safari browser.

 

Also, two consecutive and successful attempts were made against the Samsung Galaxy S5 by Japan’s Team MBSD using NFC "to trigger a deserialization issue in certain code specific to Samsung."

 

Jon Butler of South Africa’s MWR InfoSecurity also used NFC to target the Samsung Galaxy S5.

 

Adam Laurie from the UK’s Aperture Labs used another NFC attack targeting the LG Nexus 5 to force BlueTooth pairing between phones.

 

MWR InfoSecurity used a three-bug attack to target the Amazon Fire Phone’s Web browser.

 

"In the process, nine bugs were exploited and immediately provided to vendors via coordinated disclosure," HP said.

 

Tech site Ars Technica noted Pwn2Own and similar contests have become a great equalizer among various computing products, especially those with smaller user bases.

 

"By creating strong incentives for successful hacks, the contests demonstrate that virtually no system or software is safe against an attacker with above-average technical skills and the time and determination to put them to good use," it said. — Joel Locsin/TJD, GMA News