At this year's CanSecWest, they mounted the second PWN to OWN challenge: given a Sony Vaio running Linux, a MacBook Air running Leopard and a Fujitsu U810 running Vista, the first hacker to exploit the system of their choice would take the device home; in addition, the first to exploit any of the devices would get a check for ten grand.
The MacBook Air went down first in a surprisingly (disturbingly, really) three minutes, thanks to an exploit in the latest version of Safari, v3.1. Disturbing, since Safari 3.1 is the version on the beta 2.0 iPhones as well. Given the lack of a real security model on the iPhone, and the fact that most things run as root, this raises some concerns about the safety of putting third-party software onto that device. No doubt this exploit will be fixed, but this and the similar speed with which the iPhone 2.0 update was jailbroken underscore the fragility of the iPhone.
The Vista device went next, taking a more impressive 55 hours, before it finally fell to a Flash exploit.
The VAIO running Ubuntu was the only device standing at the end of the third day.
Want real security on your mobile device? You want Linux.
Sunday, March 30, 2008
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment