How secure is your cellphone? A group of young Chinese hackers have shown it could be an open book by cracking a Google Nexus and an iPhone within 10 seconds at a global competition, once again triggering public concern over the safety of mobile devices and applications.
The Keen Security Lab, also called the Keen Team, affiliated with Internet giant Tencent Holdings, won $215,000 by hacking into a Nexus 6P in just 10 seconds and an iPhone 6s within an astonishing 8 seconds to claim the title of Master of Pwn at Mobile Pwn2Own 2016 at the PacSec security conference on October 26 in Tokyo.
A Tencent public relations employee told the Global Times that the two attacks are reportedly the first time Chinese hackers have attacked these devices. According to the employee, the competition mainly aims to test the security of mobile operating systems, cellphone browsers and applications. Apple's iOS 10 and Google's Android 7.0, which are safer than previous systems, increased the difficulty of this competition but were ultimately no real barrier to the hackers.
The Keen Team were also the first to successfully install malware on the Google Nexus 6P and therefore won $102,500. They also attempted to install malware on the iPhone 6s but it did not remain when the cellphone was rebooted. Finally the hackers succeeded in stealing photos from iPhone 6s by exploiting two vulnerabilities in iOS system.
As China is stepping up its efforts to safeguard cyber security and fight against cyber crimes, many "white hat hackers," who hack into restricted systems and networks to assess their defenses and release reports on any vulnerabilities, have exerted more important influence and gradually come into the spotlight.
Student stars
For more than 10 years, the Keen Team has exposed hundreds of vulnerabilities for technology companies such as Google, Microsoft and Apple. In September, the lab successfully hacked into a Tesla car, revealing many vulnerabilities and handing the data to the company.
Apart from the Keen Team, X-lab,which is under Chinese search engine giant Baidu Inc, is also dedicated to revealing weaknesses on companies' websites. Huang Zheng, a security expert at X-lab, told the Global Times that he submitted six loopholes to Microsoft last year and ranked 61 in Microsoft Security Response Center Top 100 list. This year, he climbed to the eighth spot and has submitted more than 40 loopholes in the last two years.
"Windows accounts for a huge proportion of the market and even one vulnerability could lead to an enormous effect. Many malicious hackers are willing to pay high prices, for example $50,000, to buy the company's loopholes," said Huang.
Besides professional white hat hackers, college students have also been an important force in the country's cyber security battle. One of the most influential teams is the Azure Assassin Alliance (AAA) Team from Zhejiang University, one of China's most prestigious schools in East China's Zhejiang Province.
According to the Qianjiang Evening News, the AAA Team has gathered the university's most talented hackers who major in mathematics, biology and electronic engineering.
Tech talents
"The outstanding achievements of Chinese hackers shows that the young generation is capable of safeguarding the country's cyber security. Their talents could further promote China in cyberspace peaceful development," cyber security expert Qin An told the Global Times.
Yan Hanbing, an expert from the National Computer Network Emergency Response Technical Team Coordination Center, said at the China Internet Security Conference in August that more than 200,000 vulnerabilities have been found since 2009, a significant chunk of which were uncovered by white hat hackers.
"Along with the booming of the Internet, the market also needs public efforts to safeguard cyber security. It cannot stop hackers from revealing vulnerabilities and white hat hackers have greatly contributed to the safety of Internet development," Xie Yongjiang, a professor at the Beijing University of Posts and Telecommunications, told the Global Times.
China's top legislature on Monday adopted a law to safeguard sovereignty on cyber space, national security and the rights of citizens. In the law, it stresses the need to launch a nationwide cyber security talent training, adding that the government will support enterprises, universities and vocational schools in this drive.
However, the ambiguous legal standing of these hackers was revealed when a white hat hacker was arrested on suspicion of stealing information earlier this year. Many Internet security insiders have argued that whether or not all kinds of hacking, even benevolent hacking, should be banned needs further public discussion. Some Chinese Internet security experts have called for the government to define the legal status of white hat hackers as soon as possible.
