Rather than the security of the smartphones, the limited memory, processing power and security researchers not so smart on mobile devices have saved the day for smartphone browsers at PWN2OWN 2009.
""With the mobile devices so limited on memory and processing power, a lot of [researchers'] main exploit techniques are not able to work," said Terri Forslof, manager of security response at 3Com Inc.'s TippingPoint unit, which sponsored the contest."
"Take, for example, [Charlie] Miller's Safari exploit," said Forslof, referring to Miller's 10-second hack of a MacBook via an unpatched Safari vulnerability that he'd known about for more than a year. "People wondered why wouldn't it work on the iPhone, why didn't he go for the $10,000?" she said. "The vulnerability is absolutely there, but it's a lot tougher to exploit on the iPhone."
There is always next year.
Wednesday, March 25, 2009