Safari, Edge, and Firefox were the favorite targets of white hat hackers in the world’s most popular competitive hacking competition Pwn2Own 2018 held over the past two days in Vancouver, Canada.
The hackers took home $267,000 of the total $2 million prize money, which is much less than the usual amount that other hackers have won in such contests in recent years.
Contest marked by controversy
The competition was marked by controversy, as Chinese researchers withdrew after the Chinese government took steps to discourage safety researchers from participating in Pwn2Own and other similar contests.
Government officials argued that they did not want Chinese researchers to share vulnerabilities and exploit information to third parties in foreign countries, encouraging researchers to report defects to vendors directly.
No Chinese researchers participated in the competition, even if Chinese research teams dominated and won almost every recent Pwn2Own competition. However, the contest continued as scheduled, although with fewer contestants than in previous years.
Richard Zhu wins Pwn2Own 2018
Richard Zhu (@fluorescence) won the contest by scoring 12 points for hacking Edge and Firefox. Zhu took home $120,000 of the total prize of $267,000 awarded at the event. Each researcher also has to keep the laptop with which they tested their exploits.
Products such as Oracle VirtualBox, VMware Workstation, Microsoft Hyper-V Client, Chrome, Safari, Edge, Firefox, Adobe Reader, Microsoft Office 365 ProPlus, Microsoft Outlook, NGINX, Apache Web Server, Microsoft Windows SMB and OpenSSL were available for hacking, with the highest award of $250,000 for an isolated space leak to hypervisor or kernel for the Microsoft Hyper-V virtual machine client.
Each contestant had 30 minutes and three attempts to run a successful exploit on a test computer. The contestants received points according to the type of exploits they used.
Related posts:
Leave a Reply