THE 2009 edition of the Pwn2Own challenge will ask security experts and others attending the CanSecWest security conference in Ontario, Canada to hack smartphones, not just computers, in an attempt to find exploits that would allow arbitrary code.
Garnering publicity by way of Fortune, the two-day contest beginning on 18 March 2009 will give participants the opportunity to breach the safeguards of any one of five mobile platforms, each represented by a single device.
Apple's iPhone will have to compete against the other heavyweights of the cellular world, including a BlackBerry as well as representative models for Android, Symbian and Windows Mobile.
The contestants will have to depend solely on remote access and are thus forced to use techniques that are more likely to be seen in the wild, such as dangerous websites visited through the mobile web browser, harmful e-mail contents, or deliberately malformed SMS text messages.
3Com security branch TippingPoint is offering double the reward it is for more typical computer-borne hacks this year. Every hack that successfully executes code on a phone provides the winning team $10,000; those who are quick enough to hack a phone first wins the hardware along with a one-year contract to use it. Should at least five of the guests succeed, individual $5,000 prizes will also be doled out to those with the best exploits found by the end of the contest's second day.
As in the past, though, Pwn2Own is as much about practical help to the computer industry as it is a matter of bragging rights.
As part of TippingPoint's Zero Day Initiative to stop threats before they leave the safety of a test lab, any winning attack will also be bought out and kept secret until the target company's software can be mended.
Add a comment