Chinese Hackers Pwned Apple in 20 seconds; Google Pixel in 60 seconds

[Götterdämmerung]

This is an article about this hacker event from a reputed German IT web portal. Unlike Viet, the experts in the comment section were full of praises for the hackers. Viet should joint the next event, as it seems to be easy money for his expertise.

https://www.heise.de/security/meldung/Hacker-knacken-Googles-Smartphone-Pixel-3464583.html

 

[Viet]

You would have sounded much more creditable, had you won $520 K or any prize in PWNFEST or alike.

is here anyone that won the price? if not, why bothering opening the thread and let people commenting?
I suggest you impose no say rule to non Chinese speakers.

This is an article about this hacker event from a reputed German IT web portal. Unlike Viet, the experts in the comment section were full of praises for the hackers. Viet should joint the next event, as it seems to be easy money for his expertise.

https://www.heise.de/security/meldung/Hacker-knacken-Googles-Smartphone-Pixel-3464583.html

you mean comment like this "leicht verdientes Geld"

 

[Dungeness]

is here anyone that won the price? if not, why bothering opening the thread and let people commenting?
I suggest you impose no say rule to non Chinese speakers.

You are not making sense. Nobody claimed it was easy except you, so you should prove that you have the credential to make such comment.

 

[Götterdämmerung]

is here anyone that won the price? if not, why bothering opening the thread and let people commenting?
I suggest you impose no say rule to non Chinese speakers.


you mean comment like this "leicht verdientes Geld"

Yeah, but did you read the reply as well? and did you see the question mark?

 

[Mugwop]

you failed to know some of developers reveal their OS weaknesses by accident. or do you know there are tools to discover bugs? such as this tool: backtrack?

What about Kali linux or Parrot OS?

 

[Hamartia Antidote]

That Safari hack was for the MacOS version. Nobody has been able to hack into the IOS/iPhone version.

https://9to5mac.com/2016/11/11/pwnfest-pangu-jh-safari-macos-sierra-exploit/

"There is no report yet of anyone successfully claiming the $180k available for an iOS 10/iPhone 7 Plus exploit."

A list of all the platforms for the hack conference:


Platform/OS/Device Base Reward Extra Reward

Microsoft Edge
Windows 10 x64 Redstone 1 $120,000 $20,000

Android 7.0
Nexus 6p and Pixel $120,000 $20,000

Microsoft Hyper-V
Windows Server 2016 $150,000 none

Google Chrome
Windows 10 x64 Redstone 1 $120,000 $20,000

Apple iOS 10
iPhone 7 Plus $120,000 $60,000

Apple Safari
MacOS Sierra $80,000 $20,000

Adobe Flash Player
Microsoft Edge
Windows 10 x64 Redstone 1 $100,000 $20,000

VMWare Workstation Pro 1.2
Windows 10 x64 Redstone 1 $150,000 none

 

[Viet]

What about Kali linux or Parrot OS?

there are many tools on the official and unofficial market. Kali and Parrot are among them. Personally I know backtrack Linux.

You are not making sense. Nobody claimed it was easy except you, so you should prove that you have the credential to make such comment.

believe me. the hackers knew the loopholes of the OS before going on stage. or do you think they knew nothing and began to hack?

 

[sinait]

there are many tools on the official and unofficial market. Kali and Parrot are among them. Personally I know backtrack Linux.

believe me. the hackers knew the loopholes of the OS before going on stage. or do you think they knew nothing and began to hack?

Pls don't pretend you know hacking. It needs a lot of effort discovering loopholes and devising an attack. Like how they keep on refining the WIFI WEP security attack until they could do it in seconds. Timing start from when you begin the hack, not including how much time is spent finding loopholes and etc, etc. You should know this very well since you say you know how to use Backtrack, which is an assembly of tools to facilitate a hack. It's easier for subsequent hackers because somebody has done it already. So I agree you are putting down the efforts of those Chinese hacking teams. You should try hacking with Linux that comes up with a blank black text(no graphics) log-in screen and you have to type in all commands including networking commands.
Very mean of you.

 

[Dungeness]

believe me. the hackers knew the loopholes of the OS before going on stage. or do you think they knew nothing and began to hack?

They knew something no one else know, and they may even know something that they don't want anybody know they know, that's all it matters. I agree with you, all hackers attending the event went there prepared.

 

[qwerrty]

That Safari hack was for the MacOS version. Nobody has been able to hack into the IOS/iPhone version.

lol according to hackers, it's much easier to hack than their macos version

http://www.iphonehacks.com/2013/11/chinese-hackers-win-mobile-pwn2own-ios-7-safari-exploit.html
http://fortune.com/2014/03/14/chinese-hacker-cracks-safari-wins-62-5k-praises-apples-security/

-

from another event in japan a not long ago. also, easy money for Chinese..

Chinese Hackers won $215,000 for Hacking iPhone and Google Nexus at Mobile Pwn2Own
Thursday, October 27, 2016

The Tencent Keen Security Lab Team from China has won a total prize money of $215,000 in the 2016 Mobile Pwn2Own contest run by Trend Micro's Zero Day Initiative (ZDI) in Tokyo, Japan.

Despite the implementation of high-security measures in current devices, the famous Chinese hackers crew has successfully hacked both Apple's iPhone 6S as well as Google's Nexus 6P phones.

Hacking iPhone 6S

For hacking Apple's iPhone 6S, Keen Lab exploited two iOS vulnerabilities – a use-after-free bug in the renderer and a memory corruption flaw in the sandbox – and stole pictures from the device, for which the team was awarded $52,500.


The iPhone 6S exploit successfully worked despite the iOS 10 update rolled out by Apple this week.

Earlier this week, Marco Grassi from Keen Lab was credited by Apple for finding a serious remote code execution flaw in iOS that could compromise a victim's phone by just viewing "a maliciously crafted JPEG" image.

However, a tweet from Keen Team indicated it was able to make the attack successfully work on iOS 10.1 as well.

The Keen Lab also managed to install a malicious app on the iPhone 6S, but the app did not survive a reboot due to a default configuration setting, which prevented persistence. Still, the ZDI awarded the hackers $60,000 for the vulnerabilities they used in the hack.


Hacking Google's Nexus 6P

For hacking the Nexus 6P, the Keen Lab Team used a combination of two vulnerabilities and other weaknesses in Android and managed to install a rogue application on the Google Nexus 6P phone without user interaction.

The ZDI awarded them a whopping $102,500 for the Nexus 6P hack.

So, of the total potential payout of $375,000 from the Trend Micro's Zero Day Initiative, the Keen Lab Team researchers took home $215,000.

https://thehackernews.com/2016/10/hacking-team-pwn2own.html

 

[Hamartia Antidote]

lol according to hackers, it's much easier to hack than their macos version

http://www.iphonehacks.com/2013/11/chinese-hackers-win-mobile-pwn2own-ios-7-safari-exploit.html
http://fortune.com/2014/03/14/chinese-hacker-cracks-safari-wins-62-5k-praises-apples-security/

-

from another event in japan a not long ago. also, easy money for chinamen..

Well nobody claimed any money this year. It isn't impossible. Apple fixed 3 zero day bugs found by Lookout (San Francisco) and Citizen Labs (University Toronto) in their iPhones in August.
https://www.engadget.com/amp/2016/08/25/apple-iphone-security-flaw-update-activist-hack/

Even though the hackers failed this round I'm sure others will eventually be found by companies like Lookout and Citizen Lab.

 

[Mugwop]

there are many tools on the official and unofficial market. Kali and Parrot are among them. Personally I know backtrack Linux.


believe me. the hackers knew the loopholes of the OS before going on stage. or do you think they knew nothing and began to hack?

For anonymity Parrot is good it also looks cool but Kali is the best. Backtrack 5 gives problems when installing it

 

[Jlaw]

No point. It's like apple getting beta testers for free. Now they know the vulnerability and will fix it. And they didn't need to spend millions hiring some consultant firms.

 

[Viet]

Pls don't pretend you know hacking. It needs a lot of effort discovering loopholes and devising an attack. Like how they keep on refining the WIFI WEP security attack until they could do it in seconds. Timing start from when you begin the hack, not including how much time is spent finding loopholes and etc, etc. You should know this very well since you say you know how to use Backtrack, which is an assembly of tools to facilitate a hack. It's easier for subsequent hackers because somebody has done it already. So I agree you are putting down the efforts of those Chinese hacking teams. You should try hacking with Linux that comes up with a blank black text(no graphics) log-in screen and you have to type in all commands including networking commands.
Very mean of you.

bro relax. I never say be a hacking expert, just knowing here and there a bit. I said knowing backtrack Linux. By no means I know that tool in and out. It is similar if I say of knowing penguin. That means I know penguins are birds that can't fly. I don't know anything about the language they speak, less their sexual life.

They knew something no one else know, and they may even know something that they don't want anybody know they know, that's all it matters. I agree with you, all hackers attending the event went there prepared.

Thanks heaven. At least there is someone who finally understood. Of course the hackers did their homework and are prepared when going on stage. How many words can you write in 20 or 60 seconds? calculate the time you move the mouse from left corner to right corner of the screen!

What can the hackers do in a minute? Anyone with a little bit of computer security knows the first thing to do for hackers is scanning the computer or in that case the OS for open ports in tcp and udp. It takes several minutes to scan the whole range. How do you want to hack a computer in 20 seconds if the scan time takes minutes? I don't bother mentioning the times you take to evaluate the scan results and exploit the weaknesses.

 

[jkroo]

@Jlaw You are smart guy, bro. But in another way the security team themselves are from famous company and they also offer consulting service so that they can make easy money for their super talent. To admit, I always envy them have such kind of skills.