Smartphones win in Pwn2Own hacking contest

Last month, I blogged about TippingPoint's annual Pwn2Own contest, which awards $10,000 prizes for successful hacks on desktop and mobile browsers. Well this year's competition is over, and the results are in.

While three out of four targeted computer web browsers were taken down, none of the smartphones included in the contest ? which were BlackBerries, iPhones, and WinMo, Symbian and Android devices ? were successfully exploited.

According to Slashdot, TippingPoint's Terri Forslof cited one 10-second hack of a MacBook through an unpatched, yet longstanding Safari vulnerability. But even though the iPhone's Safari browser has the same weakness, the exploit wouldn't work on the mobile phone. Why? Compared to desktops, smartphones have limited memory and processing power, says Forslof, which means ?a lot of [researchers'] main exploit techniques are not able to work.?

Speaking of desktop browsers, Chrome was the only one that survived. The others were hacked, and rather quickly.

Charlie Miller, the security expert behind the MacBook exploit above, won this year's and last year's event by laying waste to Macs running Safari. Interestingly, Miller has repeatedly said that Macs were safer alternatives for typical users than Windows PCs. (Well actually, Apple Insider points out that Miller's statements describe Macs as being less secure, but since there's so little malware out there targeting it, he says, the Apple technology winds up being safer.) This is all good food for thought as we ramp up for WWDC in June.