A team of four MWR Labs employees successfully hacked a Samsung Galaxy S3 today, earning them a win in the Mobile Pwn2Own competition at EUSecWest in Amsterdam. Don’t worry, they’re holding back the details until the exploit is patched.
Two vulnerabilities were used to hack and retrieve data from a Samsung Galaxy S3. The first vulnerability was a memory corruption exploit that allowed the team to upload malicious code to the S3 over NFC. MWR makes a point of noting that this exploit is not NFC specific, and could be executed via malicious websites or email attachments.
The second vulnerability allowed them undermine Android’s app sandbox and raise the privileges of the executed code. The team used this to upload a customized version of MWR Labs’ own Mercury application. MWR describes Mercury as “A free framework for bug hunters to find vulnerabilities, write proof-of-concept exploits and play in Android.”
Once Mercury was installed on the Galaxy S3, it was used to retrieve information such as SMS messages, emails, contacts and photos. MWR notes that it could also be used to make calls to premium rate numbers.
While Android 4.0.4 has measures in place to prevent this type of thing from happening, MWR said that shortcomings in those protections were sufficient to allow their exploits to work. More information is available on the MWR Labs blog post on the exploit, but they aren’t offering specifics until the Android vulnerabilities they discovered are patched.
Until then, they’ll have to figure out what to do with the $30,000 they won for their efforts.
How much sensitive data do you keep on your phone? How bad could it get if you were hacked?