Running concurrently with their desktop browser hacking challenge (where one clever programmer broke down Safari in 10 seconds), the Pwn2Own contest at CanSecWest will also be testing the security of mobile operating systems. If they can break through any of the five big platforms (Android, BlackBerry, iPhone, Symbian and Windows Mobile), reps from those companies are will to shell out $10,000 for rights to the code. It might be more than the $5,000 and prizes they’re giving out for the desktop hackers, but it’s certainly nowhere near the $100,000 that such exploits can fetch on the black market. It’ll be interesting to see what these hackers can dig up… Here’s a run-down of the Pwn2Own itinerary:
Phones (and associated test platform)
* Blackberry(TBA)
* Android(Dev G1)
* iPhone(locked 2.0)
* Nokia/Symbian(N95-1)
* Windows Mobile (HTC Touch)Day 1 (Raw functionality out of the box, users configured for service) post phone, post email
* SMS
* MMS
* Email (arrival only)
* wifi on if default
* bluetooth on if default
* Radio stackDay 2
* All of Day 1
* Email/SMS/MMS (reading only – no secondary actions)
* wifi on
* bluetooth on (not accept pairing by default. Paired with a headset. pairing process not visible)Day 3
* All of Day 1 and 2
* one level of user interaction with default applications
* bluetooth on (not accept pairing by default. Paired with a headset/other devices upon request. pairing process visible)What is owned? Must demonstrate…
* loss of information (user data)
* incur financial cost
[via ElectricPig]