View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
November 13, 2014

Flaws win prizes at Mobile Pwn2Own

Cash prizes awarded to teams who found security flaws in Samsung Galaxy S5 and Amazon Fire Phone.

By Ellie Burns

MWR Labs, the research arm of MWR InfoSecurity, has demonstrated security flaws in both the Samsung Galaxy S5 and Amazon Fire Phone.

One team of researchers from MWR Labs in the UK exploited the Samsung Galaxy S5, enabling them to steal personal details, while another team from MWR Labs in South Africa exposed a remote code execution on the Amazon Fire Phone.

The flaws were demonstrated at this year’s Mobile Pwn2Own event which took place during the Applied Security Conference (PacSec) in Tokyo, Japan. The discovery of the flaws resulted in MWR Labs winning two different categories at the event.

The Zero Day Initiative (ZDI), host of the annual event, announced MWR Labs UK researchers Robert Miller and Jonathan Butler as winners in the Short Distance Category, following their exploitation against the Samsung Galaxy S5 over NFC. They successfully retrieved personal information from the device, securing the win and $75,000 in prize money.

Bernard Wagner and Kyle Riley from South Africa won the Mobile Application/OS category, successfully demonstrating remote code execution on the Amazon Fire Phone through a Man-in-the-Middle attack. The South African based researchers indicated that the exploit was possible due to a set of vulnerabilities within a pre-installed package on the device. They walked away with $50,000 in prize money.

"MWR is proud to receive these awards," said Ian Shaw, Group MD of MWR InfoSecurity. "Our talented researchers span far and wide across the globe and they work extremely hard. Entering competitions, such as Pwn2Own, are vitally important as it keeps us at the sharp edge of the industry.

"This work forms part of a wide-ranging programme of security research at MWR on a global scale and highlights the ongoing need for mobile developers and manufacturers to prioritise security, in order to keep customers safe. We also plan to further develop MWR security research in Asia, with the recent addition of MWR facilities in Singapore."

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

The MWR Labs research also identified additional vulnerabilities, which will first be reported to Samsung and Amazon in the coming weeks.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.