• Home
  • Latest
  • Fortune 500
  • Finance
  • Tech
  • Leadership
  • Lifestyle
  • Rankings
  • Multimedia

Trendingnow

1

Ex-PepsiCo CEO Indra Nooyi worked from midnight until 5 a.m. as a receptionist to pay for her Yale degree—and she says ‘respect went up’ because of it

2

Shark Tank's Kevin O'Leary says if he were 25 today, he'd chase these two booming opportunities in the world of AI

3

China’s birth rate just hit its lowest point since 1949—and Trip.com cofounder James Liang thinks that’s a threat to innovation

1

Ex-PepsiCo CEO Indra Nooyi worked from midnight until 5 a.m. as a receptionist to pay for her Yale degree—and she says ‘respect went up’ because of it

2

Shark Tank's Kevin O'Leary says if he were 25 today, he'd chase these two booming opportunities in the world of AI

3

China’s birth rate just hit its lowest point since 1949—and Trip.com cofounder James Liang thinks that’s a threat to innovation

Smartphones 1, Hackers 0

By
Philip Elmer-DeWitt
Philip Elmer-DeWitt
Down Arrow Button Icon
By
Philip Elmer-DeWitt
Philip Elmer-DeWitt
Down Arrow Button Icon
March 21, 2009, 12:28 PM ET
Add Fortune on Google for similar content.

There were several $10,000 prizes at stake — as well as some free mobile phones — but at the end of the three-day Pwn2Own smartphone hacking contest at the big CamSecWest conference in Vancouver, British Columbia, which closed on Friday, none of the devices had been cracked.

The contest, sponsored by 3Com’s (COMS) TippingPoint computer security division, pitted some of the world’s sharpest hackers and computer security experts against five smartphones: an Apple (AAPL) iPhone, a Research in Motion (RIMM) BlackBerry and phones running on Google’s (GOOG) Android, Microsoft’s (MSFT) Windows Mobile and Nokia’s (NOK) Symbian operating systems.

Although the rules were relaxed each day to make hacking easier, the phones managed to withstand the few attempts that were made to “pwn” them — Internet-gamer slang meaning to conquer or gain ownership.

The Web browsers were not so lucky. In a separate contest, now in its third year, the security barriers of Apple’s Safari, Mozilla’s Firefox and Microsoft’s Internet Explorer were breached in the first day — Safari’s in less than 10 seconds using an exploit prepared before the contest. The latest version of Microsoft’s Web browser — IE8 — fell even before the browser’s official release. Only Google’s Chrome survived day one. See here.

It’s not clear why the smartphones did so well and the browsers so badly. It may be that the devices are too new to have been studied closely. “There’s a lot we don’t know yet about them,” Charlie Miller, the man who cracked Safari so quickly, told CNet’s Elinor Mills (link). In fact, there were very few attempts made. Tipping Point’s twitter feed mentioned only two: one against a BlackBerry and another against a Nokia phone running Symbian.

But there’s no question that smartphones are vulnerable to attack. SearchSecurity.com reports that during one conference presentation a team from Core Security Technologies, a Boston-based penetration testing company, demonstrated how to crack into the iPhone, Google Android and Windows Mobile devices using something called a simulated stack overflow vulnerability.

According to Alfredo Ortega, one of the Core researchers, the iPhone had the most security features, making it the most difficult to crack. Windows Mobile, he said, was the easiest to defeat. (link)



When it’s not running contests, TippingPoint operates its ZeroDay Initiative, in which it pays computer security specialists — also known as “white hat hackers” — a bounty for previously undiscovered vulnerabilities in return for a promise not to exploit them.

TippingPoint, in turn, notifies the vendor and simultaneously develops a patch that it offers to its security clients. Once the vendor has developed its own patch, TippingPoint and the vendor coordinate public disclosure. The researcher can either be given credit for the discovery or, if he or she prefers, remain anonymous.

See also: White hat hackers target the iPhone

Below the fold: the rules of the contest as posted on the CamSecWest website here.

Phones (and associated test platform)

  • Blackberry(TBA)
  • Android(Dev G1)
  • iPhone(locked 2.0)
  • Nokia/Symbian(N95-1)
  • Windows Mobile (HTC Touch)

Day 1 (Raw functionality out of the box, users configured for service) post phone, post email

  • SMS
  • MMS
  • Email (arrival only)
  • wifi on if default
  • bluetooth on if default
  • Radio stack

Day 2

  • All of Day 1
  • Email/SMS/MMS (reading only – no secondary actions)
  • wifi on
  • bluetooth on (not accept pairing by default. Paired with a headset. pairing process not visible)

Day 3

  • All of Day 1 and 2
  • one level of user interaction with default applications
  • bluetooth on (not accept pairing by default. Paired with a headset/other devices upon request. pairing process visible)

What is owned? Must demonstrate…

  • loss of information (user data)
  • incur financial cost
About the Author
By Philip Elmer-DeWitt
See full bioRight Arrow Button Icon
Add Fortune on Google for similar content.

Latest in

Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025

Most Popular

Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Fortune Secondary Logo
Rankings
  • 100 Best Companies
  • Fortune 500
  • Global 500
  • Fortune 500 Europe
  • Most Powerful Women
  • World's Most Admired Companies
  • See All Rankings
  • Lists Calendar
Sections
  • Finance
  • Fortune Crypto
  • Features
  • Leadership
  • Health
  • Commentary
  • Success
  • Retail
  • Mpw
  • Tech
  • Lifestyle
  • CEO Initiative
  • Asia
  • Politics
  • Conferences
  • Europe
  • Newsletters
  • Personal Finance
  • Environment
  • Magazine
  • Education
Customer Support
  • Frequently Asked Questions
  • Customer Service Portal
  • Privacy Policy
  • Terms Of Use
  • Single Issues For Purchase
  • International Print
Commercial Services
  • Advertising
  • Fortune Brand Studio
  • Fortune Analytics
  • Fortune Conferences
  • Business Development
  • Group Subscriptions
About Us
  • About Us
  • Press Center
  • Work At Fortune
  • Terms And Conditions
  • Site Map
  • About Us
  • Press Center
  • Work At Fortune
  • Terms And Conditions
  • Site Map
  • Facebook icon
  • Twitter icon
  • LinkedIn icon
  • Instagram icon
  • Pinterest icon

Latest in

Close to a million investors of the Trump memecoin lost a collective $3.8 billion, even as the president disclosed $636 million in earnings
CryptoCryptocurrency
Close to a million investors of the Trump memecoin lost a collective $3.8 billion, even as the president disclosed $636 million in earnings
By Marco Quiroz-GutierrezJuly 7, 2026
5 hours ago
The Best Berberine Supplements (2026): Everything You Need to Know
HealthDietary Supplements
The Best Berberine Supplements (2026): Everything You Need to Know
By Christina SnyderJuly 7, 2026
5 hours ago
Presidents aren’t supposed to pick winners, former White House ethics lawyer says. Trump keeps choosing Dell
PoliticsDonald Trump
Presidents aren’t supposed to pick winners, former White House ethics lawyer says. Trump keeps choosing Dell
By Mia OsmonbekovJuly 7, 2026
5 hours ago
Meet the former Goldman Sachs exec who became the America’s Cup Partnership’s first CEO and is running the 175-year-old trophy like a startup
C-SuiteSports
Meet the former Goldman Sachs exec who became the America’s Cup Partnership’s first CEO and is running the 175-year-old trophy like a startup
By Catherina GioinoJuly 7, 2026
5 hours ago
Palantir CEO Alex Karp with his arms outstretched while making a point on stage.
NewslettersEye on AI
Palantir CEO Alex Karp is wrong about the threat Anthropic and OpenAI pose to most enterprises. That doesn’t mean he doesn’t have something to lose
By Jeremy KahnJuly 7, 2026
6 hours ago
Scott Wu, in front of a blue background, sits in a gray chair and speaks to a person out of frame.
AIProductivity
Cognition CEO says tech companies got ‘carried away’ with token leaderboards and should measure employees on output instead
By Sasha RogelbergJuly 7, 2026
7 hours ago

Most Popular

Ex-PepsiCo CEO Indra Nooyi worked from midnight until 5 a.m. as a receptionist to pay for her Yale degree—and she says ‘respect went up’ because of it
Success
Ex-PepsiCo CEO Indra Nooyi worked from midnight until 5 a.m. as a receptionist to pay for her Yale degree—and she says ‘respect went up’ because of it
By Preston ForeJuly 6, 2026
1 day ago
Shark Tank's Kevin O'Leary says if he were 25 today, he'd chase these two booming opportunities in the world of AI
AI
Shark Tank's Kevin O'Leary says if he were 25 today, he'd chase these two booming opportunities in the world of AI
By Marco Quiroz-GutierrezJuly 5, 2026
2 days ago
China’s birth rate just hit its lowest point since 1949—and Trip.com cofounder James Liang thinks that’s a threat to innovation
Asia
China’s birth rate just hit its lowest point since 1949—and Trip.com cofounder James Liang thinks that’s a threat to innovation
By Nicholas GordonJuly 7, 2026
18 hours ago
Current price of oil as of July 6, 2026
Personal Finance
Current price of oil as of July 6, 2026
By Joseph HostetlerJuly 6, 2026
2 days ago
The man who ran Bernie's campaign says Democrats are still making the same mistakes with Democratic Socialists, and they should laud Mamdani's win
Politics
The man who ran Bernie's campaign says Democrats are still making the same mistakes with Democratic Socialists, and they should laud Mamdani's win
By Catherina GioinoJuly 6, 2026
1 day ago
Even as Elon Musk calls philanthropy ‘very hard,’ everyday Americans gave a record $617 billion—despite feeling the squeeze over the cost of living
Success
Even as Elon Musk calls philanthropy ‘very hard,’ everyday Americans gave a record $617 billion—despite feeling the squeeze over the cost of living
By Preston ForeJuly 4, 2026
4 days ago

© 2026 Fortune Media IP Limited. All Rights Reserved. Use of this site constitutes acceptance of our Terms of Use and Privacy Policy | CA Notice at Collection and Privacy Notice | Do Not Sell/Share My Personal Information
FORTUNE is a trademark of Fortune Media IP Limited, registered in the U.S. and other countries. FORTUNE may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.