Chinese Crew- Keen Lab Wins $200,000 For Stealing iPhone Pics and Hacking Google Nexus

  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  

As part of the Pwn2Own contest run by Trend Micro’s Zero Day Initiative (ZDI) in Japan, some of the finest hackers from all over the world are trying to break into the most widely-used mobile phones on the planet this week. So as a part of the contest Keen Lab from China has successfully compromised both Apple’s iPhone and Google’s Nexus.

They were awarded $52,500 for hacking into Apple’s iPhone and $102,500 for Google’s Nexus. The iPhone 6S attack saw Tencent-owned Keen Lab chain two iOS vulnerabilities to steal pictures from the Apple device. They also managed to install a rogue application on the iPhone 6S, but the app wouldn’t survive a reboot thanks to a default configuration setting that prevented persistence. Despite that, ZDI bought the bugs used in the hack for $60,000.

As for the Nexus 6P, the Keen collective managed to install a malicious app on the Google device, repeating the attack three times. Again, Keen combined two different bugs, alongside other unspecified weaknesses in Android.

ZDI chief Brian Gorenc’s statement on Keen’s research: “All of the exploits were triggered by browsing to a malicious website. From that perspective, it’s relatively simple to trick a user into this scenario. Crafting the exploit itself isn’t trivial and requires months of research and experimentation.”

The following two tabs change content below.

William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]

William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]

Leave a Reply