TENCENT KEEN SECURITY LAB TEAM HACKERS WIN $215,000 FOR INFECTING A FULLY UPDATED AND PATCHED NEXUS 6P.
Challenging White Hat Hackers through competitions and bounties for identifying potentially harmful security flaws in latest or upcoming devices is currently the hot trend in the digital world.
It is rather interesting to let security teams work hard and try to identify flaws in a given hardware or software under close scrutiny. One of the most popular of such competitions is Pwn2Own in which White Hat hackers are invited to defeat the software or hardware, which has been declared as near perfect by the manufacturer.
In the recent mobile-only Pwn2Own competition, sponsored by Trend Micro, cash prizes were offered to hackers who could infiltrate the device, access or modify user info, infect the device with fake and harmful apps or unlock mobile phones from the most high-profile manufacturers. The phones that the hackers had to hack included the Nexus 6P, iPhone 6S and Samsung Galaxy S6.
Tencent Keen Security Lab’s team from China accepted the challenge and utilized various Android bugs to infect the Nexus 6P with a rogue app. The team also identified that the bugs that were used were already present in a new Nexus 6P phone despite its OS being updated with most recent security patches. By installing a rogue app on the phone, the team was able to access user data. However, they could not unlock the device.
Another achievement of Tencent Keen’s team was to get a malicious app to remain on the iPhone 6S system even after the device was rebooted. This was termed as a partial success. However, the team could not successfully invade the Galaxy S7 phone.
Due to their accomplishment of successfully carrying out three attacks in Sniper, Strength and Stealth categories, the team received an award of $102,500. Remember, Tencent Keen team is the same team who demonstrated how to take control of Tesla’s brakes from 12 miles away last month.
With multiple successful exploits, Tencent Keen Security Lab Team claimed the title of Master of Pwn with 45 points and $215,000 total awarded.
Another team tried to hack the phone using a mobile Chrome vulnerability, which was patched subsequently, but their attempts remained unsuccessful.
As per the rules of Mobile Pwn2Own, Google will be informed and alerted about the identified weaknesses in Nexus 6P and the Android system so that patches could be released.