Sunday, April 11, 2021

Pwn2Own Pays Hackers $480K in Bug Bounties

The annual Pwn2Own hacking contest is wrapping up after paying nearly half a million dollars in cash prizes. Researchers successfully hacked Firefox, Internet Explorer, Chrome, Java and Adobe plug-ins during the event.

Robert Lemos with eWeek reported, “Security researchers claimed nearly $500,000 in bounties for demonstrating previously unknown–or zero-day–attacks against all major browsers and three popular browser plugins at the annual Pwn2Own competition at the CanSecWest conference in Vancouver, British Columbia. The three-day contest, which ends on March 8, requires that security professionals play the role of attackers and compromise fully patched versions of popular browsers running on Windows 8 and Mac OS X. After a successful attack, which requires that the researcher gain control over the target system, the contestants must turn over the details of the vulnerability to Hewlett-Packard’s Zero Day Initiative (ZDI), which runs the competition. Those details are then passed to vendors to be patched.”

Computerworld’s Greg Keizer added, “A day after researchers hacked Chrome and Firefox at the Pwn2Own contest, Google and Mozilla patched their browsers Thursday. The contest also wound down yesterday after hackers had earned a record $480,000 over two days.”

TechSpot’s Jose Vilches noted, “No browser was left standing at this year’s Pwn2Own hacking contest. The latest versions of Microsoft’s Internet Explorer, Google’s Chrome, and Mozilla’s Firefox all succumbed to exploits on day one, with hackers targeting a variety of zero-day vulnerabilities on each browser and Windows to hijack the underlying computer.”

InformationWeek’s Matthew J. Schwartz observed, “But the prize money on offer is reportedly still a fraction of what a top-notch exploit commands on the open market. Accordingly, why bother participating? SecurityWeek’s Ryan Naraine put that question to Chaouki Bekrar, CEO of Vupen, which fielded employees who successfully exploited the latest version of Microsoft Internet Explorer 10 running on Windows 8, using an exploit that silently bypassed all built-in attack-mitigation techniques, including DEP and ASLR, as well as the IE10 sandbox. Bekrar replied that his goal was to advertise his business’s skill at creating ‘weaponized exploits.’ ‘The aim for us by coming here to Pwn2Own is to show that even the newest technologies, the newest operating systems, the newest browsers, can get pwned,’ he said.”
