Galaxy S3 and iPhone 4S exploited at Pwn2Own competition

By Leeky
Sep 20, 2012
Post New Reply
  1. Dutch security researchers were able to breach Apple's mobile OS at a Pwn2Own competition during the EUSecWest security conference in Amsterdam, which opened its doors yesterday. The exploit used a zero-day vulnerability iOS 5.1.1 and the Golden master of iOS 6 to sidestep Apple's...

    Read more
  2. Tygerstrike

    Tygerstrike TechSpot Enthusiast Posts: 827   +93

    Wow!! Why havent the cellphone makers hired these guys yet!!! They picked apart 2 of the hotest phones.
    Leeky I just love your stories lol!!
    You shine a light that illuminates the darkness of ignorance!!
    Leeky likes this.
  3. PinothyJ

    PinothyJ TechSpot Enthusiast Posts: 429   +15

    The more complicated a device the easier it is to break in :'(?
  4. lipe123

    lipe123 TechSpot Guru Posts: 423   +75

    NFC is disabled by default on the S3 and then there is the obvious part that the "attacker" needs to have physical contact with your phone to execute it.
    In that case he can just assault you physically, pick the phone up from the ground and save himself a lot of time.

    Still I guess grasping at straws to make the S3 look as bad as the iphone is the norm.
  5. Still I guess grasping at straws to make the iphone look as bad as the S3 is the norm.
  6. Leeky

    Leeky TechSpot Evangelist Topic Starter Posts: 4,378   +98

    Haha, Thanks @Tygerstrike. :)
  7. RajeGera

    RajeGera Newcomer, in training Posts: 50

    This is simply genius stuff..Just after some days of IPhone 5 release...Marvellous..
  8. I'd like to know why Pol thinks the GS3 is less secure when the only exploit stated here required not only physical proximity but NFC to be turned on from default. Easily avoidable just by not keeping your NFC on.
  9. Leeky

    Leeky TechSpot Evangelist Topic Starter Posts: 4,378   +98

    @guest above, Joost Pol said he believed it was the most secure, he wasn't basing his opinion on one or the other as a direct comparison, but his personal feelings about smartphones in general.

    The article itself is about three separate, and undiscovered zero-day vulnerabilities: one with iOS, and two with the Galaxy S3 running Android 4.0.4. I agree that Samsung's could be mitigated by switching it off, but I've handled several new SGS3's now and all of them have been switched on by default -- so assuming this isn't just a coincidence it is a problem, as uniformed consumers wouldn't have any idea about NFC, nevermind how to turn it on or off.

    I personally think NFC should be included in the top bar of the Android menu, alongside WiFi and the other functionality you can turn on and off. It shouldn't be buried in the settings > More Settings menu.
  10. Tygerstrike

    Tygerstrike TechSpot Enthusiast Posts: 827   +93

    Leeky.
    In all my years of retail even I know that this is a problem. Im guessing that they left this as default for something they have planned. Perhaps Samsung will see this and re write thier next update to set the NFC as switched off by default. If they dont they will have a definate problem as it is now a known issue.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.