iPhone X, Samsung Galaxy S9, Xiaomi Mi 6 Hacked At Pwn2Own Tokyo

Pwn2Tokyo, the annual hacking contest has wrapped up its first day and last year flagship devices like Samsung Galaxy S9, iPhone X and Xiaomi Mi 6 have already been hacked, earning hackers a bounty of more than half a million dollars.

According to Zero Day Initiative, of the organizers of the event —  “Fluoroacetate” team (Amat Cama and Richard Zhu) was the first to exploit Xiaomi Mi 6 with the help of device NFC.

They used the touch-to-connect feature to force open up their specially crafted web page, on the device browser. Following which they leveraged an out-of-bounds write bug affecting WebAssembly to achieve code execution. The researchers earned $30,000 for this hack.

The same team was able to exploit Samsung Galaxy S9 which involved a heap overflow in the device’s baseband component. This hack fetched them a sum of $50,000. Fluoroacetate was also able to hack iPhone X via Wifi using a Just-In-Time (JIT) bug, and an out-of-bounds write flaw, which grabbed another $60,000.

Another team from UK-based MWR Labs took two attempts before finally hacking Xiaomi Mi 6 and Samsung Galaxy S9. The team used a code execution exploit via Wi-Fi that resulted in a photo getting exfiltrated from the targeted phone. ZDI says they chained a bunch of bugs to silently install an application via javascript. MWR Labs was rewarded $60,000 for hacking both the phones.

At the end of the first day, a researcher Michael Contreras received $25,000 for hacking the Xiaomi Mi 6 browser via JavaScript type confusion flaw.

This was only one day of the Pawn2Tokyo; more hacks will be coming soon enough. Last year, devices like Samsung Galaxy S8, Huawei Mate 9 Pro and iPhone 7 were hacked many times, for which hackers received a cash price of $500,000.

Also Read: User Profiles On Dating Apps Like Tinder Are Being Auctioned For Millions

Share
Published by

Recent Posts

  • News
  • Tech

Apple Engineers Have Invented A Tech To Track Ads Without Invading Privacy

Apple has always advocated privacy and has time and again beaten its chest for being a company that doesn't treat…

May 25, 2019
  • News
  • Tech

Telegram Launches Fift: New Programming Language For TON Blockchain Network

Telegram is a popular privacy-focused encrypted instant messaging service. Recently, the messenger platform announced the launch of a new programming…

May 25, 2019
  • Geek
  • List

6 Open Source Android Alternative Operating Systems For Mobiles

In the wake of the ongoing US-Huawei-Google tussle, many Android enthusiasts are wondering about the different alternative phone operating systems…

May 25, 2019
  • News
  • Tech

Huawei Cannot Use microSD Cards In Its Future Devices

A host of companies have severed ties with Huawei after the US government's order. Without companies like Google, ARM, and…

May 25, 2019
  • News
  • Tech

Microsoft xCloud Will Stream Over 3,500 Games Including All XBox One Titles

Game streaming services are the next big thing in the tech world, and every major tech company is buckling up…

May 25, 2019
  • Geek
  • News

Python Language Creator: “Male Attitude” Is Hurting The Programming Space

Guido van Rossum is a famous name in the programming world. He is the creator of the Python programming language…

May 24, 2019