Chinese Hackers Managed to Steal Photos from iPhone 6s and Hack Nexus 6P
Google's Nexus 6P and Apple's iPhone 6s may have gone out of the limelight after latest flagship phone releases, but both these devices are considered as secure smartphones. Apple and Google offer the highest level of security features and protections with their latest devices, including iPhone 6s and Nexus 6P. But, hackers managed to earn hundreds of thousands of dollars after successfully hacking both these smartphones.
Researchers hack iPhone 6s and Nexus 6P despite latest security patches
Researchers who competed in the 2016 Mobile Pwn2Own in Tokyo won a total prize of $215,000 for breaking into these flagship devices.
The Tencent Keen Security Lab tried to install a rogue application on a Google Nexus 6P without user interaction. The Chinese researchers used two vulnerabilities to achieve this task, and earned $102,500 from Trend Micro's Zero Day Initiative (ZDI).
— KEENLAB (@keen_lab) October 26, 2016
Researchers also hack Apple's iPhone 6s
Coming to the iPhone 6s, the Keen Lab earned another $52,000 for stealing photos from the smartphone using a use-after-free vulnerability and a memory corruption bug in the sandbox. This vulnerability worked after Apple pushed out its latest security patches earlier this week. Apple had credited the Keen Lab for discovering a serious flaw that could allow hackers to hijack a target phone after the victim viewed "a maliciously crafted JPEG" image or a PDF file.
The same team also tried to install a malicious application on iPhone 6s, but it was only partially successful. The installed app did not survive a reboot due to a "default configuration setting." ZDI awarded another $60,000 for the vulnerabilities used in this partially successful hack.
Out of the total potential payout of $375,000 from ZDI, the Keen Lab managed to earn $215,000. There were also cash incentives for hacking the Samsung Galaxy S7 phones, but the prizes were lower than those for the Google and Apple devices.
"These are critical in nature as they allow an attacker to disclose sensitive information or install a malicious application," ZDI's Brian Gorenc said about these vulnerabilities. "We’ve seen similar exploits recently used in the wild."