
Chen


Contestants at Pwn2Own take down Safari, but said OS X security is better than other systems


As usual, the annual Pwn2Own contest featured many hackers targeting the latest operating systems and browsers from the major vendors, including Apple. Threatpost reports that the “Keen Team” focused on Safari on Thursday and exploited it with relative ease.

The team took home a $40,000 bounty for their efforts on Safari, as well as a share in a $75,000 prize for co-engineering a zero-day Flash exploit. They say they will donate some of their winnings towards charities representing missing Malaysian Airplane passengers.

The group says that for Safari, they used two different exploit vectors. One vulnerability was a heap overflow in WebKit that enabled arbitrary code execution. The team then used this opening to launch a second exploit that bypassed the application sandbox and ran code with the user's privileges.



Blind Chinese dissident at NYU given iOS devices loaded with tracking software and spyware



Reuters has an interesting story on Chinese dissident/activist Chen Guangcheng, who is currently at NYU on a fellowship. Apparently he was given an iPhone and an iPad with tracking and spying software aboard.

The devices were screened by NYU technicians within a few days and were found to have been loaded with hidden spying software, said Cohen, who arranged the fellowship for Chen at NYU Law School, helping defuse a diplomatic crisis between the United States and China after Chen took refuge in the U.S. Embassy in Beijing.

“These people supposedly were out to help him and they give him a kind of Trojan horse that would have enabled them to monitor his communications secretly,” said Cohen.

The iPad was eventually cleaned up and returned to Chen at his request, the second source said.

NYU is pointing the finger at Heidi Cai, the wife of activist Bob Fu, who gave Chen the iOS devices (along with other electronics).

Among the first visitors in May 2012 to the New York apartment Chen had moved into with his family after a dramatic escape from house arrest in China was Heidi Cai, the wife of activist Bob Fu. She brought an iPad and iPhone as gifts.

In examining the iPad and the iPhone, [NYU] found software that allowed a third party to secretly connect to an inbuilt global positioning system, essentially turning a device into a tracking device, said the second source. The technicians also found hidden, password-protected software that backed up the contents to a remote server, the source added.

“It’s perfectly consistent with their desire to manipulate and control the situation and know whatever confidential advice he is getting,” [NYU’s] Cohen said.

Bob Fu is of course denying the accusations, saying that it is some sort of “007 thing”.

Asked about the gadgets, Fu told Reuters that his wife had given two Apple devices to Chen shortly after the dissident had settled in New York. Fu runs a Christian group called ChinaAid that supports underground churches in China and victims of forced abortions.

“This is the first time I’ve heard of spyware,” said Fu, who was in southeast Asia when his wife delivered the devices. He called the allegations “ridiculous” and “like a 007 thing.”

“We knew that the first thing after they arrived, they’d want to call their family members, so we wanted to provide communication devices, iPhone and iPad,” Fu said by telephone from Texas.

Chen is accusing NYU of forcing him out of his fellowship due to pressure from the Chinese government, which is also allowing NYU to build a campus in Shanghai. So really, everyone is a suspect.
