Tuesday, August 5, 2014

Evasi0n and Pangu Jailbreaks Nominated for Pwnie Awards

Pwnie Awards

Evasi0n and Pangu , two of the most popular jailbreak tools have been nominated for this year’s Pwnie Awards.

The Pwnie Awards is an annual awards ceremony that celebrates the achievements of security researchers and hackers like the evad3rs and the Pangu team that discover bugs and security flaws.

The evasi0n jailbreak was released late last year, and allows users to jailbreak iOS 7.0.6 â€" iOS 7.0 . While the Pangu jailbreak was released in June, and allows users to jailbreak iOS 7.1.2-iOS 7.1 .

The two teams have been nominated for the “Best Privilege Escalation Bug”. According to the Nomination page, it is awarded to “to the person who discovered or exploited the most technically sophisticated and interesting privilege escalation vulnerability. These vulnerabilities can include local operating system privilege escalations, operating system sandbox escapes, and virtual machine guest breakout vulnerabilities.”

The organizers have given a brief introduction to explain why the evad3rs and the Pangu teams were nominated:

evasi0n iOS 7.0 jailbreak

Credit: evad3rs

For the second year in a row, the evad3rs team gets a Pwnie nomination for exploiting Apple iOS. This time they chained together at least 4 exploits, to defeat code signing and exploit the iOS kernel.

Pangu iOS 7.1 Jailbreak

Credit: Pangu, Stefan Esser and maybe others

What’s more exciting than one iOS jailbreak? Two iOS jailbreaks. A new team hit the jailbreak scene in 2014 with a jailbreak for Apple iOS 7.1. Tracing the origin of the bugs is difficult, because Stefan Esser claimed that parts of the jailbreak were taken from his iOS training class, and who knows who else had the same bugs. The lesson is something hackers should have learned years ago: if you disclose your bugs even to a single person they probably going to be leaked.

Pangu team are happy that they’ve been nominated for the award, but have clarified that all the exploits used for the Pangu 1.1 jailbreak was discovered by them. As you might know, Pangu team had initially used the exploit used by security researcher and hacker, Esser in Pangu 1.0 , but later released  Pangu 1.1 , which used some other exploits . They have credited @KernelTool [1] for the exploits.

Interestingly, famous iOS hackers, comex and Geohot have also been nominated for the same award for their work in developing Towelroot , which allows users to gain root access to Galaxy S5 and other Android based smartphones.

Linux Futex Bug (CVE-2014-3153)

Credit: Comex and Geohot

How epic can a bug be if it is found by comex and then exploited by geohot? This exploited the Linux kernel to get root on the Samsung Galexy S5 and many Linux distributions.

This year’s Pwnie Awards takes place on Aug 6th, 2014 in Las Vegas at the BlackHat USA security conference. The judges will be meeting at an undisclosed location to the vote on the winners.

We wish the two teams all the best, and would like to thank them for bringing us such easy to use tools to jailbreak our iOS devices, and give us the ability to to do whatever you want with our device.

[via Pwnies [2] ]

Links
  1. ^ @KernelTool (twitter.com)
  2. ^ Pwnies (pwnies.com)

No comments:

Post a Comment

Search This Blog