Every year, CanSecWest hosts a competition to analyse digital security. The most interesting targets are the industry’s top Internet browsers and operating systems. The Pwn2Own hacker challenge wrapped up today with the same hacker taking the most vulnerable browser down, yet again.
Charlie Miller, the first hacker to take Safari down, says that Chrome is still the hardest one to exploit.
“There are bugs in Chrome but they’re very hard to exploit. I have a Chrome vulnerability right now but I don’t know how to exploit it. It’s really hard. They’ve got that sandbox model that’s hard to get out of. With Chrome, it’s a combination of things – you can’t execute on the heap, the OS protections in Windows and the Sandbox.”
The mobile Safari attack was particularly impressive, since running code on the iPhone requires a valid digital signature. By rearranging bits of pre-signed code, Halvar Flake of Zynamics was able to deliver a malicious payload via Safari and force the iPhone to cough up its complete SMS database. Contacts and messages were laid bare — including deleted ones.
“Nils”, for the second year in a row, exploited a previously unknown vulnerability in Mozilla Firefox to take complete control of a 64-bit Windows 7 machine. He used several tricks to bypass Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) to get his drive-by download to load an executable on the target machine.
Normally, ASLR+DEP are held up as significant roadblocks to thwart malware attacks on the newest versions of Windows but, as this contest shows, skilled hackers with enough motivation and resources can bypass those mitigations easily.
Although most of these exploits aren’t being used on the internet, the contest is still an indication of just how scary the landscape of the Internet is right now. How do you stay safe? Google Chrome looks like a good choice, obviously, but there’s another option you might consider: Opera. Opera has a relatively small market share, and even hackers don’t bother preparing exploits for this browser.