24 Mar, 2011

Exploitable Mobile App Challenge

by Ken Johnson

Today, we are announcing our first annual mobile application security competition: the Exploitable Mobile App Challenge!!

We are calling on hackers, mobile developers, forensic analysts, incident responders, and quite simply anyone interested in security to introduce as many clever, sneaky, and downright evil vulnerabilities into a mobile application as possible. The competition will focus on Android and iOS applications, as these platforms represent the greatest share of the mobile market. With the number of mobile application vulnerabilities and attacks increasing every day, this is a great opportunity to show off your skills and expertise (and win really cool prizes). The submissions will be judged based on criteria such as creativity, difficulty of vulnerabilities, total number of vulnerabilities, and the number of platform features used. Bonus points for demonstrating new attack vectors that stump the judges. You are allowed to submit up to 2 applications for each platform, but any duplicate vulnerabilities across applications/platforms will be counted only once. Back-end web services that the mobile applications communicate with are welcome as well.

All submitted applications will be donated to the OWASP Mobile Security Project in order to compile a fully open-sourced collection of insecure applications that can be used to educate the community on mobile vulnerabilities. While this is not an officially sanctioned OWASP initiative, we believe in OWASP’s mission and think that this is an excellent opportunity to give back to the security community.

We will be posting more details within the coming days including the official judging criteria and announcing the all-star panel of judges.  The competition is scheduled to kick off on April 4, 2011.  If you think you have what it takes to join our all-star panel of judges, please click here to contact us and tell us a little bit about yourself and your expertise with mobile application security and development.

The part that should really get everyone excited, though, is the prizes: an iPad 2 for the winner in the iOS category, and a Motorola Xoom for the winner in the Android category. Everyone who submits an application will also receive a complimentary t-shirt and additional “swag”.

Everyone is encouraged to spread the word and start thinking about innovative scenarios for building exploitable mobile apps.  We want to see the best of the best!