Hacker competition Pwn2Own: Firefox, Edge and Safari are falling like flies

Over two days, hackers from many parts of the world attacked various applications, browsers, virtual machines and Windows, with some success. At the annual Pwn2Own competition, hackers exploit zero-day vulnerabilities under time pressure for a good cause. If an attack works, the participants collect rewards. The developers of the cracked software then have 90 days to close the holes.

This year the pot was filled to the brim with two million US dollars. The organizer Trend Micro distributed "only" 267,000 US dollars. One of the reasons for this could be that the Chinese government has recently banned security researchers from its own country from participating in hacking competitions. In the past, Chinese security researchers have often dominated the competition.

Last-second hack

This year's winner, by a wide margin, was the security researcher Richard Zhu. He successfully attacked and took over Microsoft's Edge and Mozilla's Firefox. For the Firefox attack, Zhu combined two memory errors. First he provoked an out-of-bounds error in the web browser, and then he triggered a memory error (integer overflow) in the Windows kernel. Then Firefox was at his feet. This challenging combination earned him $50,000.

Edge fell to Zhu by an extremely narrow margin: only on his third and final attempt was he able to obtain higher privileges and break the web browser, 37 seconds before the clock ran out. However, he failed to crack Safari. Here his competitor Samuel Groß was successful. Zhu pocketed a total of US$120,000. If a hack works, the participant can keep the hacked device. The overall winner also gets to wear the Master of Pwn jacket.

Overall, this year's Pwn2Own hackers successfully exploited five Apple bugs, four Microsoft vulnerabilities, two Oracle vulnerabilities and one Mozilla bug. At 250,000 US dollars, the highest prize was offered for breaking out of the sandbox of Microsoft's Hyper-V virtualization solution. However, nobody managed that this year.

Participants have three attempts and 30 minutes to complete their hacks. The organizer states that it will also pay rewards if an attack was only partially successful. The Pwn2Own competition takes place as part of the CanSecWest security conference in Vancouver, Canada.

There is now also a mobile offshoot of the competition, where hackers take on the latest smartphones.

