Chinese Crew- Keen Lab Wins $200,000 For Stealing iPhone Pics and Hacking Google Nexus

  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  

As part of the Pwn2Own contest run by Trend Micro’s Zero Day Initiative (ZDI) in Japan, some of the finest hackers from all over the world are trying to break into the most widely-used mobile phones on the planet this week. So as a part of the contest Keen Lab from China has successfully compromised both Apple’s iPhone and Google’s Nexus.

They were awarded $52,500 for hacking into Apple’s iPhone and $102,500 for Google’s Nexus. The iPhone 6S attack saw Tencent-owned Keen Lab chain two iOS vulnerabilities to steal pictures from the Apple device. They also managed to install a rogue application on the iPhone 6S, but the app wouldn’t survive a reboot thanks to a default configuration setting that prevented persistence. Despite that, ZDI bought the bugs used in the hack for $60,000.

As for the Nexus 6P, the Keen collective managed to install a malicious app on the Google device, repeating the attack three times. Again, Keen combined two different bugs, alongside other unspecified weaknesses in Android.

ZDI chief Brian Gorenc’s statement on Keen’s research: “All of the exploits were triggered by browsing to a malicious website. From that perspective, it’s relatively simple to trick a user into this scenario. Crafting the exploit itself isn’t trivial and requires months of research and experimentation.”

The following two tabs change content below.

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]

Leave a Reply