Over the past two days, security researchers have been hard at work in Tokyo at the annual Pwn2Own event focusing on smartphones. Going up against fully patched devices with the latest security updates, teams have managed to successfully hack into the iPhone X, Samsung Galaxy S9, and Xiaomi Mi6.
Sponsored by Trend Micro's Zero Day Initiative, teams successful in demonstrating working hacks netted a total of $325,000 in prize money. Throughout the event, 18 zero-day vulnerabilities were found across Samsung, Apple, and Xiaomi devices. Numerous other exploits were found to allow full control over mobile devices.
Apple's iPhone X was able to be exploited due to an issue with Safari. A just-in-time vulnerability combined with an out-of-bounds write bug allows for data to be extracted from an iPhone X that is connected to Wi-Fi. The device was running the latest version of iOS 12.1. During the demonstration, Richard Zhu and Amat Cama were able to recover a deleted photo off of the device and received $50,000 as a result.
The duo also was working on baseband exploits for the iPhone X, but did not have enough time to get it working during the time of the competition. Trend Micro is expected to acquire the exploit at a later date through its Zero Day Initiative.
Turning to the Galaxy S9, a memory heap overflow was discovered in its baseband, allowing for arbitrary code execution. The S9 was also able to be attacked by connecting it to a malicious Wi-Fi network with a specially crafted captive portal that did not require user interaction. Unsafe redirects and application loading were demonstrated that allowed full control of the device.
Full details of the exploits discovered will be published 90 days from now. Affected vendors and manufacturers have been alerted to the issues and should be able to fix them during the wait period.