iPhone 4 and Blackberry Torch hacked at Pwn2Own
Researchers highlight the fallibility of the two hugely popular phones in the Pwn2Own contest.


Apple's iPhone 4 and the BlackBerry Torch 9800 were successfully hacked at the Pwn2Own contest.
This week has already seen researchers rewarded for their hacks on the Safari and Internet Explorer browsers, but yesterday, it was the turn of smartphones.
Well-known researcher Charlie Miller managed to take down the iPhone 4, whilst a team consisting of Willem Pinckaers, Vincenzo Iozzo and Ralf-Philipp Weinmann hacked the BlackBerry device.
For each hack, the winners received $15,000 (9,345).
Miller used an exploit to run arbitrary code on the iPhone after visiting a specific website on the hugely popular Apple device. The flaw has now been patched with the iOS 4.3 release, which was issued this week, ahead.
It is the fourth year in a row Miller had won a contest at Pwn2Own.
The BlackBerry hackers had to get around a range of issues, largely because no debugger was available for the BlackBerry's current browser, Kaspersky Labs' Threatpost reported. Indeed, the team had little documentation to go on whatsoever.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
"It was all trial and error. We didn't have a debugger, so it crashes or it doesn't crash or it takes a long time to respond. Those are the three options," Pinckaers said.
"We had to figure out the memory map from small little pieces."
More mobile threats
Pwn2Own has highlighted the kinds of vulnerabilities hackers are seeking to exploit at a time when mobile security has come under increasing scrutiny.
A number of researchers have now picked up on a malicious version of a Google mobile security tool.
The genuine tool, designed to remove applications infected with the Droid Dream malware, was only released in the last week.
The Trojanised version does not appear on the official Android Market, but can be found on third-party app stores.
Symantec found the apps could be used to change access point name settings on devices, although the developers did not create a flawless piece of malicious kit.
"Our overall analysis of this threat has shown it to be a potentially worrying threat," Symantec researcher Mario Ballano said in a blog post.
"However, the threat's perpetrators have failed to fully implement all of the functionality within the infected applications, thereby lessening its potential impact as a threat."
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.
-
What is polymorphic malware?
Explainer Polymorphic malware constantly changes its code to avoid detection, making it a top cybersecurity threat that demands advanced, behavior-based defenses
-
Outgoing Kaseya CEO teases "this is just the beginning" for the company
Opinion We spoke to Fred Voccola who remains a key figurehead at the firm as it enters its next chapter...
-
Blackberry revenue falls by 4% as cyber security division takes hit
News Despite this, the company’s Internet of Things (IoT) division increased its revenue by 28% as it attracted new customers from the automotive sector
-
BlackBerry revival is officially dead as OnwardMobility shuts down
News The Texas-based startup is mysteriously shutting down and taking its ultra-secure 5G BlackBerry with it
-
BlackBerry and AWS are developing a standardized vehicle data platform
News Platform will give automakers a standardized way to process data from vehicle sensors in the cloud
-
BlackBerry thwarts mobile phishing attacks with new AI tools
News The company's Protect Mobile platform alerts users to potential malware before a link is clicked
-
BlackBerry Persona Desktop delivers zero-trust security at the endpoint
News New security solution learns user behavior and can take action if there’s an abnormality
-
A 5G BlackBerry phone with physical keyboard is coming in 2021
News The business phone to be resurrected with OnwardMobility and FIH Mobile planning a security-savvy enterprise handset
-
The business smartphone is dead
In-depth BlackBerry’s demise signals the end of the business-first handset
-
BlackBerry Key2 review: The best physical keyboard no one asked for
Reviews Despite the improvements, the flaws of BlackBerry’s Key range are still front and centre