MWR teams pwn Huawei and Samsung devices at PacSec 2017 competition.
MWR Labs, the research arm of global consultancy MWR InfoSecurity, has successfully demonstrated attacks against the latest Android devices at this year’s mobile Pwn2Own competition. MWR Labs succeeded in exploiting both the Huawei Mate9 Pro and the Samsung S8 using previously unpublished vulnerabilities.
The Zero Day Initiative (ZDI), host of the annual event, announced that the MWR Labs team were successful in its ‘Browser’ category after they were able to demonstrate exploitation against the devices, having triggered a series of vulnerabilities in their default browsers without the need for any user interaction. In both cases this allowed MWR Labs to run code of their own on the devices, enabling them to read and write the user’s files, access the camera, and perform other such actions without the user being made aware.
“It's always exciting when we take part in these competitions and we're thrilled with the team's results,” said Ian Shaw, CEO of MWR InfoSecurity. “Our researchers from across the globe work extremely hard to identify flaws and then work with developers to fix and strengthen their code. Entering competitions, such as Pwn2Own, is vitally important as it keeps us at the sharp edge of the industry.
Both Huawei and Samsung have been made aware of the vulnerabilities and are now working to patch them. Once patched, MWR intends to publish advisories in due course on its website (https://labs.mwrinfosecurity.com/) in accordance with MWR’s disclosure policy.
About MWR InfoSecurity
Established in 2003, MWR is an independent cyber security consultancy delivering research-led cyber security for clients around the globe.
It provides specialist advice and solutions in all areas of security, from professional and managed services, through to developing commercial and open source security tools. It focuses on working with clients to develop and deliver security programs, tailored to meet the needs of each individual organisation. In a rapidly changing technology landscape, innovation is essential and its ambition to push boundaries sets it apart. Evidence of this approach is well documented on its dedicated research and development platform, MWR Labs.
Central to MWR's philosophy is the desire to deliver high quality cyber security consulting services and unsurpassed levels of support to clients.