Free Republic

iPhone, IE, Firefox, Safari get stomped at hacker contest
The Register | 25 March 2010 | Dan Goodin

Posted on 03/25/2010 10:42:55 AM PDT by ShadowAce

It was another grim day for internet security at the annual Pwn2Own hacker contest Wednesday, with Microsoft's Internet Explorer, Mozilla's Firefox and Apple's Safari and iPhone succumbing to exploits that allowed them to be remotely commandeered.

Like dominoes falling in rapid succession, the platforms were felled in the fourth year of the contest, which has come to underscore the alarming insecurity of most internet-facing software. To qualify for the big-money prizes, the exploits had to attack previously undocumented vulnerabilities to expose sensitive system data or allow the remote execution of malicious code.

The exploits were all the more impressive because they bypassed state-of-the-art security mitigations the software makers have spent years implementing in an attempt to harden their wares. That included DEP, or data execution prevention, and ASLR, or address space layout randomization, and, in the case of the iPhone, code signing to prevent unauthorized applications from running on the device.

"Code signing by Apple is tough, though I'm not sure if they do it for security or just to lock people into their platform," said Halvar Flake, a security researcher for Germany-based Zynamics. He compromised the iPhone using an exploit written by his colleague Vincenzo Iozzo. University of Luxembourg student Ralf-Philipp Weinmann was also instrumental in developing the attack.

The iPhone's code signing mechanism requires code loaded into memory to carry a valid digital signature before it can be executed. To get around it, the researchers used a technique known as return-oriented programming, which takes pieces of valid code and rearranges them to form the malicious payload.

As a result, the hackers were able to create a website that when visited by the Apple smartphone forced it to spill a copy of its SMS database. The file includes a list of contacts as well as complete copies of messages that have been sent and received. The database also contains deleted messages unless a user has gone through the trouble of manually erasing them.

The hacks came on day one of the contest, which offers a total of $100,000 in prizes and coincides with the CanSecWest conference in Vancouver. It comes three months after criminal hackers pierced the defenses of Google, Adobe and about 33 other large companies using similar vulnerabilities in an older version of IE. The relative ease contestants had in exploiting other platforms suggested that they are susceptible to the same types of attacks when there is the financial incentive to develop them.

DEP and ASLR, which Microsoft began implementing with the release of Service Pack 3 for Windows XP, didn't fare much better. Peter Vreugdenhil, a researcher with Netherlands-based Vreugdenhil Research, was able to hijack a laptop running IE 8 on Windows 7, a combination widely considered by white hat hackers as among the hardest to compromise.

Unlike previous DEP- and ASLR-busting techniques, Vreugdenhil's exploit didn't use Adobe Flash, or any other third-party software to accomplish the feat. Rather, it relied on an information-disclosure exploit that allowed him to identify the memory location of a core module that was loaded by the Microsoft browser.

"I used that knowledge to create a DEP bypass by reusing code in that module to change the protection," he said a few minutes after causing Windows 7 to spontaneously open a calculator program. "The vulnerability that I found allowed me to lay out the heap exactly as I wanted to, which is not always possible."

A pdf with additional details of the IE 8 exploit is here.

Firefox running on Windows 7 was also smitten. The author of that exploit was Nils, the same hacker who successfully compromised machines running IE, Firefox and Safari at last year's Pwn2Own contest. As was the case then, he asked that his last name not be printed, but this time the 26-year-old said he is the head of research at MWR InfoSecurity, a security consultancy in Basingstoke, UK.

Microsoft researchers, who were present en masse at the contest, are investigating the report and will issue a patch if their findings warrant it, said Pete LePage, a senior product manager for IE. He said Microsoft isn't aware of attacks in the wild that target the vulnerability.

Safari was also part of the spoils, making this the third consecutive year contestant Charlie Miller has compromised the Apple browser. Miller, 36, who is principal security analyst at Independent Security Evaluators, said he came to this year's contest armed with close to 20 working attacks that in virtually every case allow him to seize control of the Mac running the program.

He said he found all of them using the same rudimentary, five-line script written in Python, raising the very legitimate question: If he can find them, why haven't people working on Apple's security team found them, too?

"Tomorrow, I'm going to describe exactly how I found them, so hopefully that means Apple will replicate what I did and they'll find my 20 [bugs] and probably a lot more," Miller said. "Hopefully, they'll keep doing that and improve their mechanisms of finding bugs as opposed to just slapping band-aids every time I send them email about what bug I have."

The iPhone hack fetched $15,000 and the browser exploits were awarded $10,000 each.

The genius of a contest like Pwn2Own is that it exposes the insecurity of software that rarely gets exploited by criminals. Plenty of Linux and Mac fans cite the absence of real-world exploits on those platforms as proof positive that they are inherently safer than the prevailing Microsoft operating system. It's an argument that carried little weight in Vancouver.

"The problem Microsoft has is they have a big market share," said Vreugdenhil, the hacker who attacked IE. "I use Opera, but that's basically because it has a tiny market share and as far as I know, nobody is really interested in creating a drive-by download for Opera. The web at the moment is pretty scary, actually." ®


TOPICS: Computers/Internet
KEYWORDS: hacker; hax0rs; mozilla; pwn4g3

1 posted on 03/25/2010 10:42:55 AM PDT by ShadowAce
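DEP and ASLR, the mitigations the article names, are recorded on Windows as opt-in flags in each image's PE header, so a defender can audit which executables and DLLs declare them. The following Python is an added example, not code from the article or from any vendor: it reads those flags from header bytes, and the sample headers and module names are constructed for illustration.

```python
import struct

# Flag values from the PE/COFF specification.
HIGH_ENTROPY_VA = 0x0020  # DllCharacteristics: 64-bit ASLR, larger address range
DYNAMIC_BASE = 0x0040     # DllCharacteristics: image may be rebased at load (ASLR)
NX_COMPAT = 0x0100        # DllCharacteristics: image is compatible with DEP
RELOCS_STRIPPED = 0x0001  # COFF Characteristics: no relocation data in the file
PE32_MAGIC, PE32_PLUS_MAGIC = 0x10B, 0x20B
DLLCHAR_OFFSET = 70       # same offset in the PE32 and PE32+ optional headers


class PEFormatError(ValueError):
    """Raised when the bytes do not look like a PE image header."""


def audit_pe(data: bytes) -> dict:
    """Report the ASLR/DEP opt-in state recorded in a PE header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise PEFormatError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    opt = e_lfanew + 4 + 20  # skip the PE signature and the 20-byte COFF header
    if len(data) < opt + DLLCHAR_OFFSET + 2:
        raise PEFormatError("truncated header")
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise PEFormatError("missing PE signature")
    (coff_flags,) = struct.unpack_from("<H", data, e_lfanew + 4 + 18)
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (PE32_MAGIC, PE32_PLUS_MAGIC):
        raise PEFormatError(f"unknown optional header magic {magic:#x}")
    (dllchar,) = struct.unpack_from("<H", data, opt + DLLCHAR_OFFSET)
    return {
        "pe32_plus": magic == PE32_PLUS_MAGIC,
        # Stripped relocations mean the image cannot be rebased, whatever the flag says.
        "aslr": bool(dllchar & DYNAMIC_BASE) and not coff_flags & RELOCS_STRIPPED,
        "high_entropy_aslr": bool(dllchar & HIGH_ENTROPY_VA),
        # DEP is per process; on the main executable this flag is the opt-in.
        "dep": bool(dllchar & NX_COMPAT),
    }


def build_sample_header(dllchar: int, coff_flags: int = 0x0002, pe32_plus: bool = False) -> bytes:
    """Constructed test input: just enough of a PE header for audit_pe()."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))  # e_lfanew points past the DOS stub
    opt_size = 240 if pe32_plus else 224
    machine = 0x8664 if pe32_plus else 0x014C
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, coff_flags)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32_PLUS_MAGIC if pe32_plus else PE32_MAGIC)
    struct.pack_into("<H", opt, DLLCHAR_OFFSET, dllchar)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def modules_missing_mitigations(modules: dict) -> dict:
    """Map module name -> list of mitigations it does not opt in to."""
    findings = {}
    for name, data in modules.items():
        report = audit_pe(data)
        missing = [m for m in ("aslr", "dep") if not report[m]]
        if missing:
            findings[name] = missing
    return findings


# Constructed module set; the names are hypothetical.
SAMPLE_MODULES = {
    "hardened.dll": build_sample_header(DYNAMIC_BASE | NX_COMPAT),
    "legacy_app.exe": build_sample_header(0),
    "fixed_base.exe": build_sample_header(DYNAMIC_BASE | NX_COMPAT, 0x0002 | RELOCS_STRIPPED),
    "modern64.dll": build_sample_header(HIGH_ENTROPY_VA | DYNAMIC_BASE | NX_COMPAT, pe32_plus=True),
}

if __name__ == "__main__":
    print(modules_missing_mitigations(SAMPLE_MODULES))
```

A clean result here only means the flags are set; as the IE 8 case in the article shows, an information disclosure can still reveal where a randomized module was loaded.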

To: rdb3; Calvinist_Dark_Lord; GodGunsandGuts; CyberCowboy777; Salo; Bobsat; JosephW; ...

2 posted on 03/25/2010 10:43:15 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)

To: ShadowAce

In China, every day is Pwn2Own Hacker Contest Day.


3 posted on 03/25/2010 10:45:08 AM PDT by Question Liberal Authority ("We can't control nature" - Barack Obama, Feb 27, 2010)

To: ShadowAce

Hackers should be shot. That’s a “fire wall” I’d support.


4 posted on 03/25/2010 10:45:47 AM PDT by Lee'sGhost (Johnny Rico picked the wrong girl!)

To: ShadowAce
As market share increases for Apple, watch as more hackers exploit them.

Those issues have always been there, it's just that almost no one cared.

5 posted on 03/25/2010 10:48:27 AM PDT by Dead Corpse (III, Oathkeeper)

To: ShadowAce
The web at the moment is pretty scary, actually.

Sobering stuff.

If you have information of value to someone, they will probably be able to get it if they try hard enough.

6 posted on 03/25/2010 10:49:52 AM PDT by TChris ("Hello", the politician lied.)

To: ShadowAce
"Tomorrow, I'm going to describe exactly how I found them, so hopefully that means Apple will replicate what I did and they'll find my 20 [bugs] and probably a lot more," Miller said. "Hopefully, they'll keep doing that and improve their mechanisms of finding bugs as opposed to just slapping band-aids every time I send them email about what bug I have."

Say wha????...

You'll smoke a turd in hell for that buddy....!!!!

7 posted on 03/25/2010 10:50:15 AM PDT by TomServo

To: Lee'sGhost

Yes but I like this contest. This is designed to help the end user have a better product.


8 posted on 03/25/2010 10:55:02 AM PDT by the long march

To: the long march
This is designed to help the end user have a better product.

Exactly. The more this is published, and the more products involved, the better we all are.

9 posted on 03/25/2010 10:57:14 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)

To: ShadowAce

Isn’t computer hacking a criminal activity? I don’t recall seeing the results for the latest chop shop contest; safe cracking; most efficient meth lab contest; etc. Just saying.


10 posted on 03/25/2010 10:58:06 AM PDT by WinMod70

To: ShadowAce

I also use Opera. Firefox has better features, but Opera is more secure and stable.


11 posted on 03/25/2010 10:59:33 AM PDT by Retired Greyhound

To: ShadowAce

The practice leading up to the contest is what worries me.


12 posted on 03/25/2010 10:59:36 AM PDT by WinMod70

To: WinMod70

Hacking in and of itself isn’t illegal; it’s hacking into computers that you don’t have permission to access and that are not yours that is the illegal part.

Walking on your own property isn’t trespassing; walking on someone’s property without permission is.


13 posted on 03/25/2010 11:00:22 AM PDT by gjones77

To: Question Liberal Authority
In China,
every day
is Pwn2Own Hacker
Contest Day.

AGAINST
a long list
of American targets
--probably even at
globalists' invitations.

14 posted on 03/25/2010 11:02:38 AM PDT by Quix (BLOKES who got us where we R: http://www.freerepublic.com/focus/religion/2130557/posts?page=81#81)

To: ShadowAce

WHY WERE THESE INDIVIDUALS NOT ALL ARRESTED? A convention of criminals, and no one paid attention? Oh, I see; it’s Canada. Thanks, Hosers!


15 posted on 03/25/2010 11:03:08 AM PDT by JimRed ("Hey, hey, Teddy K., hot enough down there today?" TERM LIMITS, NOW AND FOREVER!)

To: JimRed

Take a deep breath...

Many of those “hackers” work for global security firms, it’s their job to find exploits.

And as for the students, it’s basically the same thing, they work to find and expose exploits to force the company that made the software to tighten its security.

It’s people like them that help to find and fix security holes, they’re referred to as “White Hat Hackers”, they’re the good guys.


16 posted on 03/25/2010 11:05:47 AM PDT by gjones77

To: JimRed

Because they didn’t launch any attacks on other people’s systems. They developed the exploits on their own time and their own dime, and merely showcased them at this event in an effort to win a prize.

Charlie Miller, who attacks OS X for his prize money, used to be an NSA employee.


17 posted on 03/25/2010 11:09:25 AM PDT by NVDave

To: JimRed

There’s nothing illegal about hacking your own computer, or a computer offered up openly for hacking. They’re only breaking the law if they hack a computer against the owner’s wishes. You can bust the software on your own machine all you want.


18 posted on 03/25/2010 11:12:16 AM PDT by discostu (wanted: brick, must be thick and well kept)

To: WinMod70

“Computer hacking” is criminal only when you attack other people’s systems with the exploit.

Developing an exploit on your own systems is not a criminal activity, and if it were, then a whole lot of software developers would end up being shuffled off to jail, because the sort of testing these people engage in is routinely used by software developers who want to make a robust product.

Those software developers wishing to make a robust product, unfortunately, don’t work for major software or hardware vendors, because middle management can’t see the profit margin in closing vulnerabilities unless the vulnerability has been exploited “in the wild.”


19 posted on 03/25/2010 11:12:26 AM PDT by NVDave

To: gjones77

Deep breath taken- thanks!

8^)


20 posted on 03/25/2010 11:30:04 AM PDT by JimRed ("Hey, hey, Teddy K., hot enough down there today?" TERM LIMITS, NOW AND FOREVER!)

To: ShadowAce

“Safari was also part of the spoils, making this the third consecutive year contestant Charlie Miller has compromised the Apple browser. Miller, 36, who is principal security analyst at Independent Security Evaluators, said he came to this year’s contest armed with close to 20 working attacks that in virtually every case allow him to seize control of the Mac running the program.”

AH HAHAHAHAHAHA!!!!! Where are all of the devout Mac users who say that it is invulnerable????? 20 “holes”?????


21 posted on 03/25/2010 12:28:59 PM PDT by El Gran Salseron

To: WinMod70
I don’t recall seeing the results for the latest chop shop contest;

Wasn't that a show called Junkyard Wars?
22 posted on 03/25/2010 12:35:41 PM PDT by Ellendra (Can't starve us out, and you can't make us run. . . -Hank Jr.)

To: gjones77; JimRed
"It’s people like them that help to find and fix security holes, they’re referred to as “White Hat Hackers”, they’re the good guys."


Not only that, but the makers of the products don't hesitate to trumpet any success they may have fending off the solicited attacks on their products at these types of competitions. (Not that they are very often successful at that. These kinds of puzzles tend to attract some pretty serious talent.)
23 posted on 03/25/2010 1:01:25 PM PDT by EasySt ( Join Free Republic Folders - A tribute to Ronald Reagan)

To: El Gran Salseron
Even one of the winners says the same thing we read on these PC vs. Mac threads:

The genius of a contest like Pwn2Own is that it exposes the insecurity of software that rarely gets exploited by criminals. Plenty of Linux and Mac fans cite the absence of real-world exploits on those platforms as proof positive that they are inherently safer than the prevailing Microsoft operating system. It's an argument that carried little weight in Vancouver.

"The problem Microsoft has is they have a big market share," said Vreugdenhil, the hacker who attacked IE. "I use Opera, but that's basically because it has a tiny market share and as far as I know, nobody is really interested in creating a drive-by download for Opera. The web at the moment is pretty scary, actually."

24 posted on 03/25/2010 1:01:47 PM PDT by Ol' Dan Tucker (People should not be afraid of the government. Government should be afraid of the people)

To: El Gran Salseron
AH HAHAHAHAHAHA!!!!! Where are all of the devout Mac users who say that it is invulnerable????? 20 “holes”?????

I don't know. Perhaps you could find us an example of one of those posts by a "devout Mac users who say that it is invulnerable".

No software is invulnerable. Some (OSX/Linux) is more resistant to such attacks than others (MS-Windows).

I did not see indications that any of the hacks displayed here were able to escalate the privileges of the attackers. That makes a big difference as to whether the attack is useful to criminals and those who run botnets. Being able to dump some of your personal information is bad enough. Having your computer turn into a zombie is something entirely different.

25 posted on 03/25/2010 1:23:00 PM PDT by zeugma (Proofread a page a day: http://www.pgdp.net/)

To: zeugma

You must not be around here much. For years that’s what Mac users claim. If you really want to find them look way way back in my post history.


26 posted on 03/25/2010 1:31:11 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)

To: JimRed
WHY WERE THESE INDIVIDUALS NOT ALL ARRESTED? A convention of criminals, and no one paid attention? Oh, I see; it’s Canada. Thanks, Hosers!

That's the mac security model. Just keep people from knowing about it and you'll be secure. But many of these guys are white hats where they find holes and then tell the companies about them so they can make the product secure.

27 posted on 03/25/2010 1:32:13 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)

To: zeugma; for-q-clinton

“I don’t know. Perhaps you could find us an example of one of those posts by a “devout Mac users who say that it is invulnerable”.”

As for-q-clinton said in post # 26, although you have been a member since ‘98, you mustn’t visit the site very much.

There have been marathon threads about how wonderful Mac is and Microsoft Windows is trash. :-)

All of the rest that you have said is true. I know this because I have been in the computer business since 1962. :-)


28 posted on 03/25/2010 2:11:07 PM PDT by El Gran Salseron

To: El Gran Salseron
I guess I'll have to repeat myself. Surely you noticed that I put your exact words in quotes.

Please post an example of one of those posts by a “devout Mac users who say that it is invulnerable”.”

I thought that was fairly specific. You made the claim, I asked for proof of same. You respond with generalities. Try again.

29 posted on 03/25/2010 4:18:11 PM PDT by zeugma (Proofread a page a day: http://www.pgdp.net/)

To: for-q-clinton
You must not be around here much. For years that what Mac users claim. If you really want to find them look way way back in my post history.

Sure. Feel free to post any comments, as I said in my original post:

I don't know. Perhaps you could find us an example of one of those posts by a "devout Mac users who say that it is invulnerable".

Surely if it's as common as you think, you should be able to find lots of them.

30 posted on 03/25/2010 4:20:46 PM PDT by zeugma (Proofread a page a day: http://www.pgdp.net/)

To: zeugma

If you think that I am going to back track over years of posts to give you one example you are very sadly mistaken.


31 posted on 03/25/2010 5:14:24 PM PDT by El Gran Salseron

To: zeugma

I believe I played this game with you once before (but I may be mistaken and it may have been a different Mac zealot).

But I did provide a post and the response was well he was wrong or he isn’t really a Mac zealot and was just someone who didn’t know what he was talking about.

So instead of wasting my time proving my point again...let’s just cut to the chase and pretend you saw such a post. What would your response be? Give me your response then I will see if it’s worth proving my point.


32 posted on 03/25/2010 5:35:24 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)

To: El Gran Salseron
If you think that I am going to back track over years of posts to give you one example you are very sadly mistaken.

Thought so. 

If it were as common as you were claiming, it'd take you 5 minutes.

You lose.

33 posted on 03/25/2010 6:10:10 PM PDT by zeugma (Proofread a page a day: http://www.pgdp.net/)

To: for-q-clinton
See post 33. You folks got nothing. Admit it and move on. I'm sure if you dig long and hard enough you might find such a post by someone really clueless about how computer software works.

As I said in an earlier post on this very thread - No software is invulnerable. Some (OSX/Linux) is more resistant to such attacks than others (MS-Windows).

The sad thing is, you guys have to invent some mythical "all Macs are invulnerable" straw man to make the same point. I'm merely asking you to put up or shut up.  This claim is repeated on almost every thread, along with the insults against both Linux and Mac users. 

I suppose, though, it makes sense that someone who is a strong proponent of MS-Windows would be defensive, what with thousands of known and active threats to their operating system of choice.

As I've said before on other threads here, I don't even own a Mac. My MIL recently bought a Mac Mini so I guess I'll probably be able to beat off the keyboard someday to get some time to play with it. I just get tired of the insults and strawmen thrown at fellow freepers just because they choose something different that works well for them.



34 posted on 03/25/2010 6:24:04 PM PDT by zeugma (Proofread a page a day: http://www.pgdp.net/)

To: zeugma

I don’t lose anything. You have three years seniority on me on FR and know how to use the search engine. USE IT! I’m not going to do your legwork for you. :-)


35 posted on 03/25/2010 8:12:46 PM PDT by El Gran Salseron

To: El Gran Salseron

Sorry, you still lose. You’re the one who made the claim, not me. If you can’t search by now, perhaps you really shouldn’t be posting here. :-)


36 posted on 03/25/2010 8:40:08 PM PDT by zeugma (Proofread a page a day: http://www.pgdp.net/)

To: zeugma

So you’re going with the...even if you find it the guy doesn’t know what he’s saying. Although earlier you said no such idiot exists.

Ahhh...I see you can’t lose with that type of “logic”. Plus all this proves is that since OS X has such a small user base the OS isn’t attacked as much as it would be if it was #1 by a huge margin.


37 posted on 03/25/2010 9:08:05 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)

To: for-q-clinton

How utterly predictable y’all are.


38 posted on 03/25/2010 9:33:37 PM PDT by zeugma (Proofread a page a day: http://www.pgdp.net/)

To: zeugma

Well here’s a thread. And there are many more:
http://www.freerepublic.com/focus/f-chat/2352669/posts

But you already gave me your answer..that guy wasn’t a knowledgeable mac zealot so he doesn’t count. Just like the known vulnerabilities don’t count until someone in the wild uses it to exploit a system with no user interaction and it must be a well maintained system with all patches applied and only plugged into the network when needing networked resources and the moon must not be full and Steve Jobs must be healthy. But once you find that then it will count.


39 posted on 03/25/2010 9:45:25 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)

To: zeugma

Yes, I made a claim. Isn’t it wonderful that we live in a country where you get to read something, form an opinion and reach a conclusion.

You can then decide whether or not that person is telling the truth or lying. I don’t care at all as to whether or not you believe me.

Besides, I didn’t post to you. I posted to the person who started the thread. Therefore, I wasn’t obligated to answer you and I certainly am not going to do your searching for you.

Only democrats want everything to be handed to them and to be spoon-fed. Are you a democrat? :-)


40 posted on 03/26/2010 10:10:48 AM PDT by El Gran Salseron

To: WinMod70
Isn’t computer hacking a criminal activity? I don’t recall seeing the results for the latest chop shop contest; safe cracking; most efficient meth lab contest; etc. Just saying.

If someone comes to you and says: "Here, see if you can hack my system". Then you're okay. It's only hacking systems you're not authorized to hack. To play the role of a "White Hat", you need to see what the black hats do, so you guard against it. The White hat will also play the role of a black hat to test his system's safeguards.

41 posted on 03/26/2010 10:29:02 AM PDT by AFreeBird
