A group of hackers from China won $215,000 for hacking Nexus 6P and iPhone 6s in the 2016 Mobile Pwn2Own contest run by Trend Micro’s Zero Day Initiative (ZDI) in Tokyo, Japan.
The Tencent Keen Security Lab Team bagged the amount by coming up with three successful exploits for the Nexus 6P and iPhone 6s.
The Keen Team destroyed a fully patched and updated Nexus 6P on their first attempt in just five minutes. The team combined two pre-existing Android exploits and then “leveraged other weaknesses in the OS”, managing to install a malicious app without requiring any user interaction. This effort alone scored them over $100,000.
Next up, the hackers tackled the iPhone 6s and also managed to install a rogue app, but it didn’t survive a reboot, making it less valuable both to a potential bad actor as well as to the Keen Team’s prize money. The team was able to get the iPhone 6s to give up its store of photos though, netting the team more money overall for iPhone 6s exploits than for the Nexus 6P.
All bugs and vulnerabilities have been disclosed to Google and Apple as part of Trend Micro’s standard disclosure process.