Pwn2Own will be taking place in Amsterdam on 19th and 20th of September. RIM is Co-sponsoring Pwn2Own this year at EUSecWest, TippingPoint is the primary sponsor along with RIM, AT&T, and HP DVLabs. The hacking will focus on mobile browsers, NFC, SMS, and the cellular baseband. “We are introducing a new spin on the Pwn2Own competition this year by holding the first Pwn2Own dedicated to the mobile attack surface.
The primary goal is to demonstrate the current security posture of the most prevalent mobile technologies in use today; including attacks on mobile web browsers, Near Field Communication (NFC), Short Message Service (SMS), and the cellular baseband. Along with our sponsors Research in Motion (RIM) and AT&T, HP DVLabs looks forward to highlighting the researchers working to help improve mobile security.”
We will be dusting off our radio frequency (RF) enclosure introduced in Pwn2Own 2011 so that competitors will be able to perform RF attacks without violating local laws. This RF enclosure has a built-in video recording feature which allows us to publish the feed at the conclusion of the contest.
Zero Day Initiative (ZDI), along with our sponsors RIM and AT&T, will offer four prizes, one each to the first researcher to successfully compromise a device through one of the following vectors:
- Mobile Web Browsers
- Near Field Communication (NFC)
- Short Message Service (SMS)
- Cellular Baseband
Each contestant will be allowed to select the device they wish to compromise during the pre-registration process. The only requirement is that it be a current device and running the latest operating system. The exact OS version, firmware and model numbers will be coordinated with the pre-registered researcher. Some examples of devices include:
- BlackBerry Bold 9930
- Samsung Galaxy SIII
- Nokia Lumia 900
- Apple iPhone 4S
For researchers registering on-site, we will have the above devices available if the target/vector has not already been compromised. Exact details of the OS version, firmware and model numbers will be available in a future update. We will review the devices prior to the competition and ensure they are in a clean state.
A successful attack against these devices must require little or no user interaction and must compromise or exfiltrate useful data from the phone. Any attack that can incur cost upon the owner of the device (such as silently calling long-distance numbers, eavesdropping on conversations, and so forth) is within scope. To avoid interfering with licensed carrier networks, all RF attacks must be completed within the provided RF isolation enclosure. The vulnerabilities utilized in the attack must be an 0-day. ZDI reserves the right to determine what constitutes a successful attack. As always, vulnerabilities revealed by contest winners will be disclosed to affected vendors through HP’s Zero Day Initiative.
A successful compromise of any of these targets will win the contestant the cash prize, the device itself, and 20,000 ZDI reward points* which immediately qualifies them for Silver standing.
*Benefits of ZDI Silver standing include a one-time $5,000 USD cash payment, 15% monetary bonus on all ZDI submissions over the next calendar year, 25% reward point bonus on all ZDI submissions over the next calendar year and paid travel and registration to attend the 2013 DEFCON Conference in Las Vegas.
Along with the prize money, each winner will receive a BlackBerry PlayBook courtesy of RIM. Prize money for the first researcher to compromise a device for each of the vectors is listed below.
- Mobile Web Browser
- $20,000 USD
- $40,000 USD
- $40,000 USD
- Cellular Baseband
- $100,000 USD