Windows Phone may be Pwn2Owned this September

Vupen, the winner of the last Pwn2Own contest

Tipping point is introducing a mobile component to their annual Pwn2Own content, taking their hacking contest to the most popular smartphones, including Windows Phone.

$200,000 worth of prizes are at stake, and the contest is sponsored by Blackberry, who no doubt is hoping to show their phones are more secure than other operating systems.

Handsets included in the contest include the BlackBerry Bold 9930, Samsung Galaxy SIII, Nokia Lumia 900 and the Apple iPhone 4S.

To win the hack must require little or no user interaction and must compromise or exfiltrate useful data from the phone. Any attack that can incur cost upon the owner of the device (such as silently calling long-distance numbers, eavesdropping on conversations, and so forth) will count as a win.

The contest recognizes that mobile web browsers are the easiest route and are only offering $20,000 for hacking these.  A successful attack via SMS and NFC will however gain a hacker $40,000, while the hardest, an attack via the cellular network will win a full $100,000.

As always, vulnerabilities revealed by contest winners will be disclosed to affected vendors through HP’s Zero Day Initiative before being made public.

Windows Phone has of course had its own SMS vulnerability patched only recently, and has not been under as intense hacking pressure as the iPhone and lesser extent Android, so it will be interesting to see how long it holds out against the hacker assault.

The contest will take place the 19th and 20th of September, 2012 in Amsterdam, Netherlands during the EUSecWest conference.

Read more about the contest at Tipping Point here.

Comments