The Tencent Keen Security Lab Team from China has won a total prize money of $215,000 in the 2016 Mobile Pwn2Own contest run by Trend Micro’s Zero Day Initiative (ZDI) in Tokyo, Japan.
Despite the implementation of high-security measures in current devices, the famous Chinese hackers crew has successfully hacked both Apple’s iPhone 6S as well as Google’s Nexus 6P phones.
Hacking iPhone 6S
For hacking Apple’s iPhone 6S, Keen Lab exploited two iOS vulnerabilities – a use-after-free bug in the renderer and a memory corruption flaw in the sandbox – and stole pictures from the device, for which the team was awarded $52,500.
The iPhone 6S exploit successfully worked despite the iOS 10 update rolled out by Apple this week.
Earlier this week, Marco Grassi from Keen Lab was credited by Apple for finding a serious remote code execution flaw in iOS that could compromise a victim’s phone by just viewing "a maliciously crafted JPEG" image.
However, a tweet from Keen Team indicated it was able to make the attack successfully work on iOS 10.1 as well.
The Keen Lab also managed to install a malicious app on the iPhone 6S, but the app did not survive a reboot due to a default configuration setting, which prevented persistence. Still, the ZDI awarded the hackers $60,000 for the vulnerabilities they used in the hack.
Hacking Google’s Nexus 6P
For hacking the Nexus 6P, the Keen Lab Team used a combination of two vulnerabilities and other weaknesses in Android and managed to install a rogue application on the Google Nexus 6P phone without user interaction.
The ZDI awarded them a whopping $102,500 for the Nexus 6P hack.
So, of the total potential payout of $375,000 from the Trend Micro’s Zero Day Initiative, the Keen Lab Team researchers took home $215,000.