iPhone, Galaxy S5, Nexus 5 & Fire Phone: Security Blasted

As a part of an annual hacking contest called Pwn2Own organised by Hewlett Packard (sponsored by Google & Blackberry), to find security vulnerabilities & patching them before revealing the details- iPhone 5S, Samsung Galaxy S5, LG Nexus 5 and Amazon Fire Phones were hacked using multiple bug attacks & NFC. Read on for the complete story.

security-breach-data-breach

During the first day,the following hacks took place:

  • An iPhone 5S managed to execute a full sandbox escape in the Safari browser by a two-bug attack.
  • NFC functionality was used to trigger a deserialization exploit in a Samsung Galaxy S5.
  • A separate team also used NFC to exploit a logical error present in the Galaxy S5.
  • Bluetooth pairing was forced on an LG Nexus 5 with a 2 bug attack
  • A 3 bug attack took down the Amazon’s Fire Phone’s web browser.

For the uninitiated, NFC or Near Field Communication allows devices to transfer data/establish communication with each other by gently tapping the two devices for pairing.

This vulnerability is infact one of the most dangerous exploits as it affects a large number of devices. For those who are worried about its implications, the loopholes have already been fixed. For rest of the users, it is a smart move to keep the NFC switched off when not in use.

Events like Pwn2Own and similar whitehat initiatives demonstrate the fact that every system/software can be hijacked or exploited with a particular set of skills & intelligence.

More related stories below: