The Pwn2Own contest, a hackathon run by security firm Trend Micro’s Zero Day Initiative (ZDI) in Japan sees this year’s winners in Keen Lab, a popular crew of Chinese hackers who hacked Apple’s iPhone and Google’s Nexus device.

Keen Lab compromised the iPhone 6s by targeting two iOS vulnerabilities to steal pictures from an iPhone, according to Forbes. For that hack alone, they were awarded $52,500. Furthermore, they also installed a rogue application on the iPhone 6s. However, that app did not survive beyond a reboot of the phone, due to a default iPhone security configuration that prevented persistence of malware. Still, ZDI bought the bugs used by the hackers for $60,000.

A blog from Trend Micro revealed:

Keen Labs leveraged a use-after-free (UAF) bug in the renderer and a memory corruption bug in the sandbox to take photos off an iPhone 6S.
Meanwhile, the Nexus 6P saw Keen Lab install a malicious app on the device before repeating the attack three times. For this specific hack, they received an eye-watering sum of $102,500. Keen combined two separate bugs, along with other vulnerabilities that remain unveiled, on the Android platform.

ZDI chief Brian Gorenc spoke about Keen’s research to find vulnerabilities, stating:

These are critical in nature as they allow an attacker to disclose sensitive information or install a malicious application. We’ve seen similar exploits recently used in the wild.
Furthermore, he noted that all the successful exploits showcased during the hacking event were triggered by routing a connection to a malicious website via a web browser. While the exploits aren’t trivial to develop, particularly with the iOS platform, the damning fact still underlines the ease in which an unsuspecting target can turn into a victim.

As white-hat hacking endeavors go, the vulnerabilities were instantly disclosed to Apple and Google, the developers behind two of the biggest mobile platforms in the world. While patches are currently being developed, it could be months before a patch is revealed while the exploit is plugged, Gorenc added.

Keen Lab are perhaps most notable for their much-publicized hacking exploits of the Tesla Model S this year.

The group of Chinese hackers devised a contactless remote control that went on to open the Tesla’s sunroof, initiate its steering lamp and move the car’s seats, all from afar, in one experiment. The other exploit showcased saw the hackers’ ability to take over complete control of the car, away from the driver in the vehicle.


Leave a Reply