According to reports, at the 4th “Tianfu Cup” International Cyber Security Competition, the white hat hacker slipper of Pangu Lab under Qi’an Pangu completed the world’s first public remote jailbreak of the iPhone 13 Pro and obtained the highest level of control over the phone. With that control, an attacker can obtain information on the phone arbitrarily, including photo albums and apps, and can even directly delete data on the device. The entire cracking process takes only 1 second, and the entry won the highest single bonus in the history of network security competitions, including the “Tianfu Cup”: 300,000 U.S. dollars.
After two days of fierce competition, the “Tianfu Cup” 2021 International Cyber Security Competition came to an end on October 17. It was hosted by Huawei, Baidu, Alibaba, Tsinghua University, the Institute of Information Engineering of the Chinese Academy of Sciences, the National Industrial Information Security Development Research Center, Tianrongxin, Chengdu Tiantou Group and others, and co-organized by China Net Ann and Zhilian Recruitment. The “Tianfu Cup” International Cyber Security Competition is committed to becoming the world’s No. 1 cracking competition, openly soliciting contestants and entries from all security practitioners. The contest offered a total of 1.5 million US dollars in prize money across three major areas (PC, mobile and server) and eight categories: virtualization software, operating system software, browser software, office software, mobile smart terminals, Web services and application software, DNS service software, and shared management service software. The competition attracted more than 50 teams, and more than 200 players signed up.
The cracking of Apple’s latest phone model, the iPhone 13 Pro, was the most watched and highest-paid cracking project of this Tianfu Cup. According to the participant slipper, when the user clicks on a link carefully forged by the attacker, it triggers a remote code execution vulnerability in the Safari browser, allowing the attacker to execute attack commands remotely.
After bypassing the Safari browser’s protection mechanisms, slipper then combined multiple vulnerabilities in the iOS 15 kernel and the A15 chip, successfully bypassing multiple security protection mechanisms and obtaining the highest level of control over the iPhone 13 Pro. With that control, an attacker can obtain information at will, including photo albums and apps, and can even directly delete data on the device or execute other arbitrary commands.
It is worth noting that although slipper combined multiple vulnerabilities in the Safari browser and the iOS kernel over the course of the attack, the way the attack is triggered is very simple: it only requires the user to click on a link. The entire cracking process takes only 1 second, which makes it extremely harmful to the user. From the iPhone 4 to the iPhone 13 series, and from iOS 7 to iOS 15, Pangu Lab has drawn on many years of mobile security offensive and defensive capability and experience to consistently maintain the ability to achieve a breakthrough at the earliest opportunity.
In this competition, Qi’an Pangu won the Most Valuable Product Cracking Award and the second prize of the Best Product Cracking Award. It is worth mentioning that “Kunlun Lab”, which won the first prize of the Best Product Cracking Award in this competition, broke through Chrome, Adobe PDF Reader and Windows 10. Kunlun Lab showed that having Chrome browse a remote URL was enough to take control of the browser or the system. In addition, Kunlun Lab successfully breached Windows 10 in just 6 seconds.
Last week, Apple publicly emphasized how safe it is compared to Android. The report stated that the malware infection rate of Android devices is 15 to 47 times that of the iPhone. As soon as the results of the competition came out, some netizens commented: “Apple is 47 times safer than Android, and 47 times faster to crack?” What do you think?