November 14, 2018 |

Researchers identify zero-day vulnerabilities in Xiaomi Mi6, Samsung Galaxy S9

Team from F-Secure's MWR Labs demos exploits for previously undisclosed vulnerabilities at Mobile Pwn2Own competition

Helsinki, Finland – November 14, 2018: Researchers from F-Secure’s MWR Labs successfully demonstrated attacks leveraging zero-day vulnerabilities in different smart phones at the Mobile Pwn2Own competition in Tokyo. The team competed in four different categories at the event, and successfully demonstrated unpublished exploits for the Xiaomi Mi6 and Samsung Galaxy S9 smart phones.

The research team consisted of F-Secure’s MWR Labs’ Rob Miller, Georgi Geshev, and Fabian Berteke. And according to F-Secure Managing Director Ed Parsons, the team’s discoveries add to MWR Labs’ successful Pwn2Own track record, and exemplify how the competition helps consultants learn so they can offer better protection to customers.

“We use research to push the boundaries of the cyber security industry, helping our clients predict, protect, detect and respond to modern cyber attacks,” said Parsons. “Pwn2Own is a great opportunity to develop and test ourselves while helping to secure technology many of us rely on. We’re very proud of the team’s latest win and their overall track record in the competition.”

Teams from MWR Labs have demonstrated zero-day attacks against devices from Huawei and Samsung in past Pwn2Own competitions, as well as Apple’s Safari and Google’s Chrome web browsers.

Pwn2Own is a competition organized by the Zero Day Initiative where security researchers compete to exploit popular devices by using previously undisclosed (zero-day) vulnerabilities. The competition is held twice a year, with one event focusing on desktops and another focusing on mobile devices. Internet-of-things devices were also included in this year’s mobile competition.

According to F-Secure President and CEO Samu Konttinen, competing in events like Pwn2Own help experts learn to apply creativity and innovative thinking to security research, which ensures they stay a step ahead of attackers.

“Competitions like this give us an opportunity to demonstrate the creativity and innovation we bring to cyber security. That reassures current and potential customers that the human expertise powering our services and solutions is going to help their defenses stay a step ahead of even the most advanced adversaries,” said Konttinen. “I’m thrilled with the inventiveness that MWR Labs has shown with this research, and I can’t wait to see what our world-class security professionals will come up with next.”

All vendors have been made aware of the vulnerabilities and are now working to patch them. Advisories will be published once patches become available.


More information
MWR Labs

About F-Secure
Nobody knows cyber security like F-Secure. For three decades, F-Secure has driven innovations in cyber security, defending tens of thousands of companies and millions of people. With unsurpassed experience in endpoint protection as well as detection and response, F-Secure shields enterprises and consumers against everything from advanced cyber attacks and data breaches to widespread ransomware infections. F-Secure’s sophisticated technology combines the power of machine learning with the human expertise of its world-renowned security labs for a singular approach called Live Security. F-Secure’s security experts have participated in more European cyber crime scene investigations than any other company in the market, and its products are sold all over the world by over 200 broadband and mobile operators and thousands of resellers.

Founded in 1988, F-Secure is listed on the NASDAQ OMX Helsinki Ltd.

f-secure.com twitter.com/fsecure | facebook.com/f-secure

F-Secure media relations
Adam Pilkey
+358 40 637 8859

Latest Press Releases

September 12, 2019

Attacks using IoT devices and Windows SMB escalate in 2019

F-Secure’s global honeynet measured twelve times more attack events in H1 2019 than in H1 last year.

September 5, 2019

F-Secure Countercept continues to win trust from US enterprises

F-Secure Countercept, an award-winning managed detection and response (MDR) solution from cyber security provider F-Secure, has won the trust of another US-based enterprise in a new deal.

August 30, 2019

F-Secure joins Broadband Forum to help shape Connected Home security standards

F-Secure will contribute to the industry standardization work in the hope that the growing momentum around Connected Home and improved Home Broadband Experience is enhanced with suitable security and privacy forethought

August 9, 2019

Serious security issue in F5’s BIG-IP could lead to cyber breaches en masse

F-Secure security consultant Christoffer Jerkeby discovers security flaw with the potential to turn hundreds of thousands of load balancers into beachheads for cyber attacks

%d bloggers like this: