Security Researchers Use Wi-Fi and Safari Exploits to Breach iPhone 7 at Annual Mobile Pwn2Own Contest

Trend Micro's annual Mobile Pwn2Own contest took place in Tokyo, Japan today at the PacSec security conference, and security researchers spent the day attempting to hack into the iPhone 7, the Samsung Galaxy S8, the Google Pixel, and the Huawei Mate 9 Pro in an effort to win prizes totaling more than $500,000.


Apple's iPhone 7, running iOS 11.1, the latest version of the iOS 11 operating system, was successfully breached twice by Tencent Keen Security Lab. The first hack targeted a Wi-Fi bug and won the team $110,000 and 11 Master of Pwn points, while the second hack targeted the Safari Browser and earned Tencent Keen Security Lab $45,000 and 12 Master of Pwn points.

They used a total of four bugs to gain code execution and escalate privileges to allow their rogue application to persist through a reboot. They earned $60,000 for the WiFi exploit and added $50,000 for the persistence bonus - a total of $110,000 and 11 Master of Pwn points.

Tencent Keen Security Lab was on the clock once more as they targeted the Safari Browser on the Apple iPhone 7. It took them just a few seconds to successfully demonstrate their exploit, which needed only two bugs - one in the browser and one in a system service to allow their rogue app to persist through a reboot. As the second finisher in the Browser category, they earned half of the cash award at $45,000, but still earned the full 13 Master of Pwn points.

Security researcher Richard Zhu was also able to leverage two bugs to exploit the Safari browser and escape the sandbox to successfully run code on the iPhone 7, earning him $25,000 and 10 Master of Pwn points.

Along with the iPhone 7, researchers were able to find exploits for the Samsung Galaxy S8 and the Huawei Mate 9 Pro, earning a total of $350,000.

Trend Micro hosts Pwn2Own in an effort to promote its Zero Day Initiative, designed to reward security researchers for disclosing major vulnerabilities to tech companies like Apple and Google.

Pwn2Own continues on through tomorrow, so additional exploits may be uncovered. Apple representatives have been known to attend Pwn2Own competitions in past years, and all vulnerabilities discovered are disclosed to Apple. The company then has 90 days to produce patches for all iOS-related bugs before they're publicly disclosed.

Tag: Pwn2Own

Popular Stories

Generic iOS 18 Feature Real Mock

iOS 18 Available Now With These 8 New Features For Your iPhone

Sunday September 15, 2024 10:09 am PDT by
Following over three months of beta testing, iOS 18 was finally widely released to the public on Monday, September 16. The update is available in the Settings app under General → Software Update on the iPhone XS and newer. Below, we have highlighted eight key new features included in iOS 18, and Apple shared a complete list of new features and changes last week. Note that Apple...
iOS 18 Public Beta Thumb 1

Here's When iOS 18 Rolls Out Today in Every Time Zone

Monday September 16, 2024 3:56 am PDT by
It's that time of year again. Apple is about to release iOS 18, which promises to bring a range of new features and improvements to iPhones worldwide. It's Apple's biggest software update of the year, and the company is expected to release it sometime today – Monday, September 16. Based on past releases, the update is likely to drop at around 10:00 a.m. Pacific Time/1:00 p.m. Eastern...
M4 Mac mini Black Ortho Cooler

Apple Leaks New Mac Mini With 5 USB-C Ports

Monday September 16, 2024 11:40 am PDT by
Apple has seemingly leaked the rumored next-generation Mac mini with five USB-C ports, according to a code change within Apple software that was discovered today by MacRumors contributor Aaron Perris. The code refers to an unreleased Mac mini model with an Apple silicon chip and five ports, which lines up with a previous report from Bloomberg's Mark Gurman that said the next Mac mini will be ...
apple silicon mac lineup wwdc 2022 feature purple

M4 Macs, New iPad Mini, and iPad 11 Expected at Upcoming Apple Event

Sunday September 15, 2024 5:29 am PDT by
Apple will likely hold another event in October this year to announce new Macs and iPads. If so, it would be the fourth time in the last five years that Apple has held an event in October. Last year, Apple held a virtual event on Monday, October 30 to announce new MacBook Pro and iMac models with the M3 series of chips. In his Power On newsletter today, Bloomberg's Mark Gurman reiterated...
16 pro

iPhone 16 Pro Demand Has Been Lower Than Expected, Analyst Says

Sunday September 15, 2024 3:58 pm PDT by
Apple analyst Ming-Chi Kuo today said demand for the iPhone 16 Pro and iPhone 16 Pro Max has been "lower than expected" since the devices became available to pre-order in the U.S. and dozens of other countries on Friday. Kuo said his data is based on a "supply chain survey" and shipping estimates listed on Apple's online store. Kuo estimated that sales of all four iPhone 16 models reached...
m4 iPad Pro Horizontal Feature Purple and Blue

Apple Pulls iPadOS 18 for M4 iPad Pro After Bricking Complaints [Updated]

Tuesday September 17, 2024 11:24 am PDT by
Apple stopped signing the iPadOS 18 update for the M4 iPad Pro models, which means the new software is no longer available to be downloaded and installed at the current time. The update appears to have been pulled following complaints from some iPad Pro owners, who found that the update bricked their devices. There are reports on Reddit from iPad Pro users who had an interruption in the...

Top Rated Comments

btrach144 Avatar
90 months ago
Would these security researches tell Tim cook that getting rid of touch ID was retarded?
This has nothing to do with FaceID or TouchID. Please remain relevant.
Score: 42 Votes (Like | Disagree)
SoApple Avatar
90 months ago
Would these security researches tell Tim cook that getting rid of touch ID was retarded?
What an irrelavant and pointless comment.

On a more relevant note. This exploit has been fixed in the new update.
Score: 26 Votes (Like | Disagree)
dannyyankou Avatar
90 months ago
These contests are great. They give good incentives to find security exploits, and they end up getting patched by Apple.
Score: 19 Votes (Like | Disagree)
Slix Avatar
90 months ago
The real question is: Will their exploits they found affect my iPod touch running iOS 6.1.6?

:P
Score: 14 Votes (Like | Disagree)
Aloft085 Avatar
90 months ago
FBI joke in 3-2-1....
No need, the FBI is the joke.
Score: 10 Votes (Like | Disagree)
WatchFromAfar Avatar
90 months ago
On a more relevant note. This exploit has been fixed in the new update.
Has it? the post says "Apple's iPhone 7, running iOS 11.1, the latest version of the iOS 11 operating system" which came out yesterday.
Score: 10 Votes (Like | Disagree)