Singapore: At this year’s Mobile Pwn2Own event that took place during the Applied Security Conference (PacSec) in Tokyo, Japan, the research arm of global consultancy MWR InfoSecurity - MWR Labs - won two different categories by exclusively demonstrating security flaws in both the Samsung Galaxy S5 and Amazon Fire Phone. One team of researchers from MWR Labs in the UK exploited the Samsung Galaxy S5, enabling them to steal personal details, while another team from MWR Labs in South Africa exposed a remote code execution on the Amazon Fire Phone.
The Zero Day Initiative (ZDI), host of the annual event, announced MWR Labs researchers from the UK Robert Miller and Jonathan Butler as winners in the Short Distance Category after they were able to demonstrate exploitation against the Samsung Galaxy S5 over Near Field Communication (NFC). They successfully retrieved personal information from the device, securing the win and $75,000.
In addition, Bernard Wagner and Kyle Riley from South Africa won the Mobile Application/OS category, successfully demonstrating remote code execution on the Amazon Fire Phone through a Man-in-the-Middle attack. The researchers, based out of MWR’s South African office, have indicated that the exploit was possible due to a set of vulnerabilities within a pre-installed package on the device. The prize for this category was $50,000.
MWR recently opened a new operation in Singapore to meet the growing demand for specialist cyber security consultancy in the Asia Pacific region and further develop its research capabilities, providing advisory and security assurance services to clients in key areas including mobile banking, payments, attack detection and incident response.
“MWR is proud to receive these awards,” said Ian Shaw, Group MD of MWR InfoSecurity. “Our talented researchers span far and wide across the globe and they work extremely hard. Entering competitions, such as Pwn2Own, are vitally important as it keeps us at the sharp edge of the industry.
“This work forms part of a wide-ranging programme of security research at MWR on a global scale and highlights the ongoing need for mobile developers and manufacturers to prioritise security, in order to keep customers safe. We also plan to further develop MWR security research in Asia, with the recent addition of MWR facilities in Singapore.”