Saturday, March 21 2009

Some notes on Pwn2Own Mobile

So it looks like Pwn2Own Mobile failed the first time it was around. This is a surprise to me. I would have guessed that the iPhone would have been taken, even with its Non-Exec memory, since many more people try to break it in comparison with the other mobile platforms.

Symbian was the only mobile platform somebody tried to pwn? This is a bigger surprise to me. Especially since Pwn2Own only offers a Nokia N95, a device that has Non-Exec memory. I tried to closely follow Pwn2Own Mobile, so when I first saw that Symbian was in the game I thought this would be uninteresting since they would take a brand new device with Non-Exec memory. When I read about the Nokia E61 in this announcement I was really happy, since this device doesn't have Non-Exec memory. In the latest announcement the E61 seems to have been removed. Possibly because they figured out that it was way too old, bummer.

I actually predicted that somebody would own the Windows Mobile device and the Android G1, but they all survived. Maybe all the bugs were already reported to the manufacturers before Pwn2Own Mobile was announced, so they could not be cashed in (I at least know about one case). So I guess people will hold on to their (mobile) bugs until next year's CanSecWest/Pwn2Own. Especially now that some well-known people called for their "no more free bugs" campaign. One last point that I found nice was that for Pwn2Own Mobile the goal was not necessarily code execution but 1) loss of information (user data) OR 2) incurring financial cost. My iPhone phone call bug would probably have counted, so I guess I should also keep bugs to myself now.