The price of success in the marketplace is a bigger target on your back for hackers and cybercriminals, as the Pwn2Own contest proves.
Vancouver has been a happening city this year — first the Winter Olympics and now the hacking olympics, otherwise known at the Pwn2Own contest taking place at the CanSecWest Applied Security Conference in lovely British Columbia.
Apparently, the cash prizes offered by contest sponsor TippingPoint DVLabs are being claimed. The first section of the contest challenged security hackers to target browsers including the latest versions of Internet Explorer, Firefox, Google Chrome, and Apple Safari. The second section offers bounties on vulnerabilities exploiting mobile phones.
Both the Safari browser and the iPhone became early victims in the Pwn2Own competition (along with Firefox and IE). ZDNet's Ryan Naraine reports that contestant Charlie Miller managed to hack into a MacBook by exploiting a critical Safari browser vulnerability. Meanwhile, another research team managed to hack the iPhone and hijack the SMS database.
The increasing popularity of Apple's products make them an inviting target — giving them the kind of attention that Microsoft has long "enjoyed" in the world of security crackers. A recent story in the Washington Post reports that cybercriminals are eager to exploit the Apple iPad phenomenon as well. Consumers are being warned to be on the lookout for phishing emails that promise a low-priced iPad if you enter a credit card number and address. The article notes that Apple gives credit card scammers two ways to make money — first with the initial stolen credit card numbers via phishing and other online scams, and second by taking advantage of the price discrepancy for Apple products abroad vs. the United States:
Electronics are popular with international crooks in part because they're an easy way to get money overseas. Crooks who want to avoid the scrutiny that comes from schlepping briefcases of cash across borders can essentially treat electronics as currency, using a stolen credit card to buy Apple products or other hot electronic goods and have them shipped to another country where they'll be resold, employing U.S.-based mules who get a small kickback for their participation.
Pretty slick. Do you think that Apple will use the information gleaned from contests like Pwn2Own to strengthen its security countermeasures against cybercriminals or will its success in the marketplace come at the price of absorbing the same kind of blame and criticism that Microsoft has over the years?