CybersecurityAndroid and Windows 7 phone confound hackers in competition
Android smartphones and the Windows 7 phone foiled hackers at the recent Pwn2Own hacking competition, while the Apple iPhone and Blackberry were successfully broken into; the results do not necessarily mean that Android and Windows 7 phones are more secure; several factors determine the relative protection a device has against hackers including the security of the software itself and the amount of research that has already been conducted on the device’s weakness; observers were surprised to see the Android repel attacks, but were not shocked when the iPhone was hacked
Competitors at work // Source: dvorak.org
Android smartphones and the Windows 7 phone foiled hackers at the recent Pwn2Own hacking competition, while the Apple iPhone and Blackberry were successfully broken into.
In the three day tournament, hackers took two days to bypass the security features of Apple and Blackberry phones, but after three days eventually gave up on cracking the Android and Windows 7 phones.
But, according to Peter Vreugdenhil, the winner of last year’s Internet Explorer Pwn2Own challenge, the results do not necessarily mean that Android and Windows 7 phones are more secure.
“The survival of a target at Pwn2Own does not automatically declare it safer than a target that went down,” he said.
Vreugdenhil was not surprised to see the iPhone hacked so quickly as it has been the subject of frequent attack by hackers and extensive research has been conducted on its weaknesses.
But he was surprised to see the Android withstand hackers as it too is a major target of attack.
“We see no particular reason why Android would be harder to hack than one of the other targets,” Vreugdenhil said.
Vreugdenhil explained that several factors determine the relative protection a device has against hackers. These include the security of the software itself and the amount of research that has already been conducted on the device’s weakness.
The fifth annual Pwn2Own challenge took place on 9 March to 11 March and in addition to phones also pits various web browsers against hackers.
This year hackers tried to take down Microsoft Internet Explorer 8, Apple Safari 5.0.3, Mozilla Firefox, and Google Chrome. Hackers successfully took down all of the browsers except for Firefox and Chrome.
Vreugdenhil says, “Chrome has the advantages of having multiple exploit-mitigation techniques that certainly make it more difficult to hack.”
Hackers exploited the fact that Safari, Chrome, iPhone, Android, and Blackberry all use WebKit browsers, which leave them more susceptible to exploitation through their browsers.
This technique was used to successfully bring down the iPhone by creating a specially made webpage that exploited a flaw in its Safari Web browser. The Blackberry was brought down using a similar method.
While no device or browser is 100 percent safe, Vreugdenhil says there are safety features that can be incorporated to minimize risk including data execution prevention mechanisms, address space layout randomization, sandboxing, and code signing.