iPhone X, Samsung Galaxy S9, Xiaomi Mi 6 Hacked At Pwn2Own Tokyo

Pwn2Tokyo, the annual hacking contest has wrapped up its first day and last year flagship devices like Samsung Galaxy S9, iPhone X and Xiaomi Mi 6 have already been hacked, earning hackers a bounty of more than half a million dollars.

According to Zero Day Initiative, of the organizers of the event —  “Fluoroacetate” team (Amat Cama and Richard Zhu) was the first to exploit Xiaomi Mi 6 with the help of device NFC.

They used the touch-to-connect feature to force open up their specially crafted web page, on the device browser. Following which they leveraged an out-of-bounds write bug affecting WebAssembly to achieve code execution. The researchers earned $30,000 for this hack.

The same team was able to exploit Samsung Galaxy S9 which involved a heap overflow in the device’s baseband component. This hack fetched them a sum of $50,000. Fluoroacetate was also able to hack iPhone X via Wifi using a Just-In-Time (JIT) bug, and an out-of-bounds write flaw, which grabbed another $60,000.

Another team from UK-based MWR Labs took two attempts before finally hacking Xiaomi Mi 6 and Samsung Galaxy S9. The team used a code execution exploit via Wi-Fi that resulted in a photo getting exfiltrated from the targeted phone. ZDI says they chained a bunch of bugs to silently install an application via javascript. MWR Labs was rewarded $60,000 for hacking both the phones.

At the end of the first day, a researcher Michael Contreras received $25,000 for hacking the Xiaomi Mi 6 browser via JavaScript type confusion flaw.

This was only one day of the Pawn2Tokyo; more hacks will be coming soon enough. Last year, devices like Samsung Galaxy S8, Huawei Mate 9 Pro and iPhone 7 were hacked many times, for which hackers received a cash price of $500,000.

Also Read: User Profiles On Dating Apps Like Tinder Are Being Auctioned For Millions

Share
Published by

Recent Posts

  • News
  • Tech

Chandrayaan-2 Successfully Enters Moon’s Orbit, Next Manoeuver Tomorrow

After thirty days of space travel, India's second moon mission, Chandrayaan-2 has finally entered the Moon's orbit. The spacecraft lifted…

August 20, 2019
  • List
  • News

List Of All Cross-Platform Games On PS4 And Xbox One Including PUBG

Cross-play between PS4 and Xbox One has just been announced for the popular battle royale game PUBG: PlayerUnknown Battlegrounds. Gamers…

August 20, 2019
  • News
  • Security

This Innocent USB Charger Is A Hidden Surveillance Camera No One Can See

To tackle uninvited burglars and other intrusions, many people resort to installing closed-circuit TV cameras in their homes. But the…

August 20, 2019
  • Review

Mobvoi TicWatch Pro 4G Review: Go Wireless With Amazing Battery Life

Mobvoi has been on the ball with their Tic line of products. I've learned not to underestimate their devices. They've…

August 20, 2019
  • how to

How To Compress Files In Windows, Mac, And Linux?

We're running out of storage space with the increasing amount of data that we deal in our daily life. One…

August 20, 2019
  • News
  • Tech

World’s Oldest Continually Operating Webcam Is Shutting Down

Internet's oldest continually operating webcam -- FogCam is shutting on August 30th, after 25 years. The popular webcam mounted on…

August 20, 2019