Mobile Pwn2Own 2012 will put up a $200,000 cash bounty for a challenge that matches the best hackers/researchers against fully patched iOS, Android, BlackBerry and Windows Phone devices.
According to contest cosponsor TippingPoint ZDI, the main objective in the special edition is to present the potential vulnerabilities and exploits in dominant mobile technologies today. These include hack attacks on mobile web browsers, near field communication (NFC), short messaging service (SMS) and cellular baseband.
Event organizers will dispense $100,000 for a successful cellular baseband hack, $40,000 each for SMS and NFC zero-day exploits, and $20,000 for demonstrating mobile web browser vulnerabilities.
TippingPoint ZDI said each participant will receive a mobile device of his or her choice for hacking, selected during preregistration. Examples of accepted smartphones include the Apple iPhone 4S (iOS), Samsung Galaxy S3 (Android), BlackBerry Bold 9930 (BlackBerry) and Nokia Lumia 900 (Windows Phone).
“The only requirement is that it be a current device and running the latest operating system. The exact OS version, firmware and model numbers will be coordinated with the pre-registered researcher,” the company said.
A successful hack attack requires the use of a zero-day vulnerability and “little or no user interaction”. The winning hacker must expose or secretly withdraw relevant data from the mobile device.
“Any attack that can incur cost upon the owner of the device (such as silently calling long-distance numbers, eavesdropping on conversations, and so forth) is within scope,” the company explained.
A special radio frequency (RF) isolation area will be available to facilitate hacks without local law violations. “This RF enclosure has a built-in video recording feature which allows us to publish the feed at the conclusion of the contest.”
Pwn2Own previously held challenges to hack mobile platforms, but aside from some hits on iPhones and BlackBerrys, the platforms ended up unharmed for the most part.
“The contest will take place the 19th and 20th of September, 2012 in Amsterdam, Netherlands during the EUSecWest conference. This blog post will be updated as the contest plays out, and for real-time updates you can follow either @thezdi on Twitter or search for the hash tag #pwn2own,” TippingPoint added.
A successful compromise of any of these targets will win the contestant the cash prize, the device itself, and 20,000 ZDI reward points*, which immediately qualify them for Silver standing.
Along with the prize money, each winner will receive a BlackBerry PlayBook courtesy of RIM. Prize money for the first researcher to compromise a device for each of the vectors is listed below.
Mobile Pwn2Own 2012 is cosponsored by AT&T and Research In Motion (RIM).
For registration, go to this link.
*Benefits of ZDI Silver standing include a one-time $5,000 USD cash payment, a 15% monetary bonus on all ZDI submissions over the next calendar year, a 25% reward point bonus on all ZDI submissions over the next calendar year, and paid travel and registration to attend the 2013 DEFCON Conference in Las Vegas.