As a part of an annual hacking contest called Pwn2Own organised by Hewlett Packard (sponsored by Google & Blackberry), to find security vulnerabilities & patching them before revealing the details- iPhone 5S, Samsung Galaxy S5, LG Nexus 5 and Amazon Fire Phones were hacked using multiple bug attacks & NFC. Read on for the complete story.
During the first day,the following hacks took place:
- An iPhone 5S managed to execute a full sandbox escape in the Safari browser by a two-bug attack.
- NFC functionality was used to trigger a deserialization exploit in a Samsung Galaxy S5.
- A separate team also used NFC to exploit a logical error present in the Galaxy S5.
- Bluetooth pairing was forced on an LG Nexus 5 with a 2 bug attack
- A 3 bug attack took down the Amazon’s Fire Phone’s web browser.
For the uninitiated, NFC or Near Field Communication allows devices to transfer data/establish communication with each other by gently tapping the two devices for pairing.
This vulnerability is infact one of the most dangerous exploits as it affects a large number of devices. For those who are worried about its implications, the loopholes have already been fixed. For rest of the users, it is a smart move to keep the NFC switched off when not in use.
Events like Pwn2Own and similar whitehat initiatives demonstrate the fact that every system/software can be hijacked or exploited with a particular set of skills & intelligence.