Thursday, September 20, 2012

Cell Phone Hackers Show Off at Pwn2Own Contests

"This week, I had the opportunity to interview the hacking teams that used zero-day vulnerabilities and clever exploitation techniques to compromise fully patched iPhone 4S and Android 4.0.4 (Samsung S3) devices and the big message from these hackers was simple: Do not use your mobile device for *anything* of value, especially for work e-mail or the transfer of sensitive business documents.

For many, this is not practical advice. After all, your mobile device is seen as an extension of the computer and there is a legitimate need to access work e-mail on iPhone/iPad, Android and BlackBerry smart phones. However, whether you are a businessman, a celebrity or the average consumer, it's important to start wrapping your mind around the idea of separating work from play on smart phones and tablets."

...a skilled hacker can beam an exploit via NFC to automatically open a maliciously rigged document on your Android device. A few exploitation tricks later and it's game over. On iPhone, which is widely hailed as the most secure mobile OS platform, WebKit continues to be a security nightmare and a popular target for hackers building drive-by download exploits. There are still ways to bypass Apple's code signing and sandboxing mitigations.