A number of companies keep holding hackathons so that they can find vulnerabilities in popularly used software and hardware. Recently, in such a hacking contest, a hacker by the nick of ‘Pinkie Pie‘ was able to hack into Chrome browser for Nexus 4 and Samsung Galaxy S4.
During the hack at HP’s Pwn2Own contest, ‘Pinkie Pie’ essentially made use of zero-day exploits. He used two key vulnerabilities which involved overflowing Chrome with an integer overflow and a specific vulnerability in the popular browser which allows complete escape from Chrome’s sandbox, thus compromising its security.
These vulnerabilities seem to work for both Nexus 4 and Samsung Galaxy S4 handsets. Pinkie Pie achieved a prize of $50,000 for finding this new and critical flaws in the browser.
For now, the organizers of Pwn2Own have reached out to Google and made the search giant aware of the vulnerability in Chrome. Google is reportedly working on devising a patch for the exploit as soon as possible. It isn’t clear whether the vulnerability afflicts any other Android handsets besides the two used by Pinkie Pie in his hack.
Interestingly, another group of researchers from Japan has been able to identify yet another serious exploit in Samsung Galaxy S4. The find has landed these researchers a check of $40,000.
While it is good to know that companies are holding such contests to find flaws in their products, it is alarming to note that in virtually every hackathon contest, a new flaw about some popular hardware or software comes to light.
Courtesy: The Hacker News