Researchers at MWR Labs have successfully demonstrated hacks on the Samsung Galaxy S5 and the Amazon Fire Phone, a spokesperson for the company told MyBroadband.
The team who tackled the Galaxy S5 were Rob Miller and John Butler from MWR’s offices in the UK, while a team from South Africa consisting of Bernard Wagner and Kyle Riley attacked the Fire Phone.
Both teams demonstrated their attacks at the third annual Mobile Pwn2Own competition on Wednesday, 12 November 2014, which was held at the the Applied Security Conference (PacSec) in Tokyo, Japan.
MWR Labs said that some of the best researchers in the field of mobile security and exploitation went head-to-head for a total prize pool of $425,000.
“The MWR Labs teams competed in the Mobile Application/OS category,” MWR said. “In order for one of the teams to win they will need to be the first to successfully demonstrate remote code execution on their targeted devices.”
To prove that they are able to execute arbitrary code remotely, MWR said that typical criteria have usually included retrieving files from exploited devices — such as SMS messages and photos — without any user interaction.
Asked how the teams managed to get remote code execution privileges on the Galaxy S5 and Fire Phone, MWR said they were not allowed to disclose that information.
Only broad information about the attacks is available, such as that MWR’s Galaxy S5 hack targeted near field communications, while the Fire Phone attack targeted the mobile operating system itself.
According to MWR Labs its South African team was able to install its security audit and attack framework for Android, called “drozer”, with full permissions on the Fire Phone.