The Pwn2Own hacking contest first began in 2007. It’s a contest where hackers can reveal vulnerabilities and gives the security community a chance to see their flaws and fix them. With BlackBerry OS 6 came the webkit browser, which has been exposed as being vulnerable. Check out what happened at the CanSecWest conference.
The perpetrators: Vincenzo Iozzo, Aaron Portnoy, and Ralf Philipp Weinmann (two of the team hacked the iPhone last year at the Pwn2Own). The victim: the BlackBerry Torch 9800 with OS 18.104.22.168. According to ZDNet, here’s what they did in technical terms, “ — chained an information disclosure bug to a separate integer overflow flaw in the open-source WebKit to hack the BlackBerry device and steal the contact list and image database.”
There’s no documentation outlining the inner system of the BlackBerry and the team had to run several trial and errors to achieve their goal. It’s the true “if at first you don’t succeed, try and try again” which they finally did with success. During their attack, they set up a special coded webpage that directed the exploit at the browser. They hijacked the contact list, copied images from the device, and wrote a file to the BlackBerry as an example of full execution.
It was a bit of a challenge but wasn’t too hard since ASLR (Address Space Layout Randomization) or DEP (Data Execution Prevention). RIM’s Security Response Team was there to view the event live. The Security Response Director, Adrian Stone, commented that it happens but that he would work with the contest team to be sure it works against the latest firmware. He also admitted that while the BlackBerry does not have ASLR or DEP, it is looking in to integrating these security enhancements to the BlackBerry in the future.