Security Researchers Use Wi-Fi and Safari Exploits to Breach iPhone 7 at Annual Mobile Pwn2Own Contest

Trend Micro's annual Mobile Pwn2Own contest took place in Tokyo, Japan today at the PacSec security conference, and security researchers spent the day attempting to hack into the iPhone 7, the Samsung Galaxy S8, the Google Pixel, and the Huawei Mate 9 Pro in an effort to win prizes totaling more than $500,000.


Apple's iPhone 7, running iOS 11.1, the latest version of the iOS 11 operating system, was successfully breached twice by Tencent Keen Security Lab. The first hack targeted a Wi-Fi bug and won the team $110,000 and 11 Master of Pwn points, while the second hack targeted the Safari Browser and earned Tencent Keen Security Lab $45,000 and 12 Master of Pwn points.

They used a total of four bugs to gain code execution and escalate privileges to allow their rogue application to persist through a reboot. They earned $60,000 for the WiFi exploit and added $50,000 for the persistence bonus - a total of $110,000 and 11 Master of Pwn points.

Tencent Keen Security Lab was on the clock once more as they targeted the Safari Browser on the Apple iPhone 7. It took them just a few seconds to successfully demonstrate their exploit, which needed only two bugs - one in the browser and one in a system service to allow their rogue app to persist through a reboot. As the second finisher in the Browser category, they earned half of the cash award at $45,000, but still earned the full 13 Master of Pwn points.

Security researcher Richard Zhu was also able to leverage two bugs to exploit the Safari browser and escape the sandbox to successfully run code on the iPhone 7, earning him $25,000 and 10 Master of Pwn points.

Along with the iPhone 7, researchers were able to find exploits for the Samsung Galaxy S8 and the Huawei Mate 9 Pro, earning a total of $350,000.

Trend Micro hosts Pwn2Own in an effort to promote its Zero Day Initiative, designed to reward security researchers for disclosing major vulnerabilities to tech companies like Apple and Google.

Pwn2Own continues on through tomorrow, so additional exploits may be uncovered. Apple representatives have been known to attend Pwn2Own competitions in past years, and all vulnerabilities discovered are disclosed to Apple. The company then has 90 days to produce patches for all iOS-related bugs before they're publicly disclosed.

Tag: Pwn2Own

Top Rated Comments

btrach144 Avatar
40 months ago

Would these security researches tell Tim cook that getting rid of touch ID was retarded?

This has nothing to do with FaceID or TouchID. Please remain relevant.
Score: 42 Votes (Like | Disagree)
SoApple Avatar
40 months ago

Would these security researches tell Tim cook that getting rid of touch ID was retarded?

What an irrelavant and pointless comment.

On a more relevant note. This exploit has been fixed in the new update.
Score: 26 Votes (Like | Disagree)
dannyyankou Avatar
40 months ago
These contests are great. They give good incentives to find security exploits, and they end up getting patched by Apple.
Score: 19 Votes (Like | Disagree)
Slix Avatar
40 months ago
The real question is: Will their exploits they found affect my iPod touch running iOS 6.1.6?

:P
Score: 14 Votes (Like | Disagree)
Aloft085 Avatar
40 months ago

FBI joke in 3-2-1....

No need, the FBI is the joke.
Score: 10 Votes (Like | Disagree)
WatchFromAfar Avatar
40 months ago

On a more relevant note. This exploit has been fixed in the new update.

Has it? the post says "Apple's iPhone 7, running iOS 11.1, the latest version of the iOS 11 operating system" which came out yesterday.
Score: 10 Votes (Like | Disagree)

Top Stories

apple briefcase

AppleCare Memo Hints at Potential Hardware Announcement Next Tuesday

Thursday December 3, 2020 9:12 am PST by
Following a busy fall season in which Apple hosted three events in as many months, the company may have one more product announcement in store this year. In an internal memo this week, obtained by MacRumors from a reliable source, Apple informed service providers that it has AppleCare-related changes planned for Tuesday, December 8 at approximately 5:30 a.m. Pacific Time. Specifically, Apple ...
apple top apps games 2020

Apple Shares Top 20 Most Downloaded Games and Apps of 2020

Tuesday December 1, 2020 9:38 pm PST by
Alongside picks for the top iPhone, iPad, and Mac apps and games of the year, Apple today shared charts featuring the Top Games of 2020 and the Top Apps of 2020, revealing the most popular free and paid apps and games during the year. Among Us! was the top free game of 2020, followed by Call of Duty: Mobile, Roblox, and Subway Surfers. Ink Inc. Tattoo Drawing was the number four free app,...
homepod mini amazon echo size

$99 Speaker Showdown: HomePod Mini vs. Amazon Echo and Google Nest Audio

Wednesday December 2, 2020 3:12 pm PST by
Apple recently released the HomePod mini, a new $99 version of the original HomePod that's smaller, cuter, and, most importantly, competitively priced. At $99, the HomePod mini can better compete with affordable smart speakers from companies like Google and Amazon. Subscribe to the MacRumors YouTube channel for more videos. The HomePod mini has been praised for its high-quality sound at its...
iphone8guide b

iOS 14.2 Quietly Added FaceTime 1080p Support to iPhone 8 and Later Models

Wednesday December 2, 2020 3:21 am PST by
Back in early November, Apple released iOS 14.2 and announced with it a slew of new features for iPhones, but one thing it didn't mention was the apparent addition of support for 1080p FaceTime calls on iPhone 8 and later devices. The little-known fact was discovered by MacMagazine, which found that Apple quietly updated the specs pages for devices like iPhone XR shortly after the release of ...
16 inch MBP Mini Led

Kuo: Two Redesigned MacBook Pros in 2021 and New MacBook Air in 2022, All With Apple Silicon and Mini-LED Displays

Wednesday December 2, 2020 5:46 am PST by
Apple plans to release two redesigned MacBook Pros in 2021 and a new MacBook Air in 2022, all with mini-LED displays and Apple Silicon chips, according to TFI Securities analyst Ming-Chi Kuo. In a research note to investors, seen by MacRumors, Kuo explained that two new MacBook Pro models equipped with an all-new form factor design are expected to launch in 2021, and a new "affordable"...
iOS 14

Apple Releases Third Betas of iOS 14.3 and iPadOS 14.3 to Developers [Update: Public Beta Available]

Wednesday December 2, 2020 10:04 am PST by
Apple today seeded the third betas of upcoming iOS 14.3 and iPadOS 14.3 updates to developers for testing purposes, two weeks after releasing the second betas and a month after the launch of iOS and iPadOS 14.2. iOS and iPadOS 14.3 can be downloaded through the Apple Developer Center or over the air after the proper developer profile has been installed. The iOS 14.3 update brings the...
best apps of 2020

Wakeout! Named Apple's Best App of 2020, While Zoom Earns the Title for Best iPad App

Tuesday December 1, 2020 9:26 pm PST by
Apple today shared its App Store Best of 2020 winners, highlighting its picks for the top iOS, iPadOS, and macOS apps and games released over the course of the year. Apple's iPhone App of the Year award went to Wakeout!, which is a family friendly exercise and movement app that encourages people to complete easy exercises while at home. Apple's iPad App of the Year was Zoom, which soared in...
wristcam design

$299 'Wristcam' Adds a Pair of Cameras to Your Apple Watch

Thursday December 3, 2020 9:32 am PST by
The Apple Watch has never included a camera, likely due to battery life and space concerns. A new Apple Watch product aims to address that lack by introducing a wrist-worn camera that works with the Apple Watch. The Apple-certified Wristcam attaches to the Apple Watch in the form of a band that adds a rather large camera set to the top of the Apple Watch. It's quite thick and bulky, but can...
iphone 12 5g

Multiple iPhone 12 Users Report Sudden Drops in 5G and LTE Cellular Coverage

Thursday December 3, 2020 1:18 am PST by
Since Apple launched the iPhone 12 in October, an increasing number of users of the new smartphone have been reporting persistent drops in cellular coverage. Multiple reports of dropped 5G and LTE connectivity have appeared on Reddit, on Apple's support forums, and on the MacRumors forums, with many people suffering issues when walking or in transit and some seeing the same problem when...
magsafe duo charger

MagSafe Duo Charger for iPhone 12 and Apple Watch Now Available for Purchase

Tuesday December 1, 2020 4:15 pm PST by
Apple today began selling the MagSafe Duo Charger that was announced alongside the new iPhone 12 models back in October. Priced at $129, the MagSafe Duo offers a MagSafe charging puck for the iPhone 12, 12 Pro, 12 Pro Max, and 12 mini, along with an Apple Watch charger. Though the accessory was announced in October and was listed as coming soon, it was not clear when it would launch. Orders...