Saturday, March 21 2009
so it looks like Pwn2Own mobile failed the first time it was around. This is
a surprise for me.
I would have guessed that the iPhone would be have
been taken even it's Non-Exec-Memory since many more people try to
break it in comparison with the other mobile platforms.
Symbian was the only mobile platform somebody tried to pwn?
This is a bigger surprise to me. Especially since Pwn2Own only offers a
Nokia N95, a device that has Non-Exec memory. I tried to closely follow
Pwn2Own mobile so when I first saw that Symbian was in the game I thought
this will be uninteresting since they will take a brand new device with Non-Exec memory. When I read about the Nokia E61 in this announcement I
was really happy since this device doesn't have Non-Exec memory. In the latest
announcement the E61 seems to have been removed. Possible because
the figured out that it was way to old, bummer.
I actually predicted that somebody will own the Windows Mobile device and the
Android G1 but they all survived. Maybe all the bugs were already
reported to the manufacturers before mobile pwn2own was announced so they
could not be cashed (I at least know about one case). So I guess people
will hold on to their (mobile) bugs until next year's CanSecWest/Pwn2Own.
Especially now that some well known people called for their no more free bugs campaign. One last point that I found nice was that for mobile pwn2own the goal was
not necessary code execution but 1) loss of information (user data) OR 2) incur financial cost. My iPhone phone call bug would probably have counted, so I guess I should also keep bugs for