Hackers Highlight Vulnerabilities of Leading Smart Devices

Smart devices and game engines used by millions of consumers, including Value Source, Huawei P9 Lite and PlayStation 4, were hacked by security experts at GeekPwn 2016, a hacking festival organized by advanced security engineering company KEEN and held simultaneously in Shanghai, China and Silicon Valley in the United States.

A total of 58 top security professionals from China, the United States, Russia and Singapore attended the event, including Open AI scientist Ian Goodfellow, legendary hacker Geohot, and CTF team Shellphish. At GeekPwn 2016, the attendees try to access or control various devices, reveal vulnerabilities and bugs, and warn related firms to fix them.

Smart devices were found to be less secure than previously thought. The top prize of about $50,000 (350,000 RMB) went to Nick Stephens from Shellphish, who discovered a chain of bugs in the Trust Zone of Huawei P9 Lite. Nick's exploitation successfully gained root privileges on the phone and executed remote code in Huawei's Trusted Execution Environment. With these vulnerabilities, hackers may be able to not only access sensitive data, but also get control of top authority operations like payment. These vulnerabilities can also be leveraged to exploit other models of the Huawei P-series including Huawei P8. Any Huawei devices using the Trust Zone code are likely vulnerable.

This kind of competitive security research is critical to the establishment of trust in the IoT industry, and has been a part of the IT security landscape for as long as we’ve had computers. More of these hackathons and white hat hacker events are needed, and their successes reported. As more vulnerabilities are fixed and patched, new ones become harder to find and the whole industry earns greater consumer and industrial trust. And therefore, it grows.

Hack on, you crazy diamonds.