iPhone 6s and Nexus 6P Hacked by Chinese Security Researchers!

Yes, you are reading right. iPhone 6s and Google’s Nexus 6P have been hacked by Chinese Security Researchers in Mobile Pwn2Own competition 2016 which held in Tokyo, Japan. They also got a bounty of hundreds of thousands of dollars for this. All these Chinese Security Researchers are the member of Tencent keen Security Lab. Last month, Tesla S-Model cars had been remotely hacked by the same security researchers. That time, they launched an 8-minute video in which they showed various actions which they had performed remotely by hacking cars. In Mobile Pwn2Own competition, they took only 5 minutes to hack Nexus 6P.

Mobile Pwn2Own Competition 2016

In this year’s Mobile Pwn2Own competition, there were only two participants. One of them was Tencent Keen Security Lab Team and the second one was MWR Labs. From MWR Labs, Robert Miller and Georgi Geshev were two team members.

List of Challenges:

Nexus 6P Hack

iPhone 6 Hack

iPhone 6 Unlocking

Samsung Galaxy S7 Hack

Nexus 6P Hack

Initially, Keen Security Lab Team got an award of $102, 500 for exploiting a Zero Day Flaw of Google’s Nexus 6P. A rouge application had been installed by researchers of Keen Lab in Nexus 6P without any user interaction. They managed to do this by exploiting two Nexus 6P vulnerabilities. They also receive 29 Masters of Pwn points for this hack.

iPhone 6s Hack

Security Researchers of Keen Lab also installed the same rouge application in iPhone 6s. But this attempt was partially successful. Due to some default configuration settings of iPhone 6, the rouge app didn’t persist after a reboot. Keen Lab researchers managed to install a rouge application in iPhone but it didn’t work in a reliable way as Nexus 6P. For this, Keen Lab researchers got another award of $60,000.

Moreover, security researchers of Keen Lab successfully stole photos from iPhone 6s by exploiting a use-after-free vulnerability. This vulnerability was due to some security issues in renderer and memory corruption process of the sandbox. Keen Lab got another award of $52,500. It has been done by Keen Lab researchers by exploiting iOS 10. It had been released by Apple, a few days ago. Keen Lab Team also got 16 Master of Pwn points for this.

On the other hand, Team of MWR Labs also tried their best. They also tried to install a rouge application on Nexus 6P but their codes were not that much affected. That’s the reason, their exploit was unstable. Initially, their exploit was working fine but due to latest Chrome update their exploit was looking senseless.

Final Result of Mobile Pwn2Own Competition 2016

The total payout of Keen Security Lab Team was $215,000. They also earned 45 Master of Pwn points. Moreover, they got 65,000 Zero Day Initiative Points. The market value of it is around $25,000. It was the amount which they have got from competition. The most valuable thing is still with them. It is the exploits which they have used to earn this. They can sell these exploits to security agencies and can get a huge amount for this. The award price for Samsung Galaxy S7 was less, that’s the reason didn’t try to hack it.

Similar Articles: