The prestigious Mobile Pwn2Own hacking competition ended on Thursday, bearing good news for the Windows Phone platform. Or partial goods news, if you want to put it that way.
There were no prizes for the second day contestants.
And that is because the hackers only achieved their goals partially — both the Windows Phone platform and Android were not completely compromised, and the participants failed to get complete control of the device.
Nico Joly, a veteran researcher at the French security firm Vupen tried his skills against a Lumia 1520 smartphone, powered by Windows Phone, of course.
An exploit for the web browser was attempted, seeking complete control of the device.
The sandbox component in the OS prevented him from doing so. Though he did manage to dip into the cookie database — a feat, really, keeping in mind the fact that cookies can be used to access online accounts of users.
Another competitor, Jüri Aedla, took aim at Android and conducted a WiFi base attack against a Nexus 5 running the world’s most popular mobile operating system.
No luck for him in trying to elevate privileges, though he did demonstrate code execution by remotely launching the web browser. Good showing from both platforms, Windows Phone in particular, thanks to some watertight security.
Competitors were, however, successful on the first day of the event.
The contest, as the name suggests, is the mobile counterpart of Pwn2Own, a gathering organized by the HP Zero Day Initiative (ZDI) that focuses on zero day exploits and how they can be used to take control of devices.
Google and BlackBerry were the sponsors this year, with prizes amounting to $425,000 in cash. Tokyo was the host city this time around, and the event was held during the PacSec security conference.
A good day, all things considered.