China's largest hackathon sees Windows 10, iOS 14, Chrome, and more hacked

midian182

Posts: 6,182   +51
Staff member
What just happened? You might not have heard of China’ Tianfu Cup, but it’s a big deal in the world of white hat hackers. The third edition of the country’s largest hackathon took place over the weekend, which saw many prominent pieces of software, including Windows 10 and iOS 14, compromised using original exploits.

ZDNet writes that fifteen teams of hackers took part in this year’s event. Each group is allowed three five-minute attempts at hacking into a selected target, with researchers winning cash prizes based on the difficulty of the chosen target and the type of vulnerability.

“Many mature and hard targets have been pwned on this year’s contest. 11 out of 16 targets cracked with 23 successful demos,” tweeted the TianfuCup account.

Successfully hacked targets included:

  • iOS 14 running on an iPhone 11 Pro
  • Samsung Galaxy S20
  • Windows 10 v2004 (April 2020 edition)
  • Ubuntu
  • Chrome
  • Safari
  • Firefox
  • Adobe PDF Reader
  • Docker (Community Edition)
  • VMWare EXSi (hypervisor)
  • QEMU (emulator & virtualizer)
  • TP-Link and ASUS router firmware

Researchers had the opportunity to grab up to $1.21 million from an available prize pool. For the second year in a row, the most successful team came from Qihoo 360, a Chinese internet security company known for its antivirus software. The “360 Enterprise Security and Government and (ESG) Vulnerability Research Institute” winners walked away with $744,500, beating second-place AntFinancial Lightyear Security Lab and security researcher Pang, who was third.

The Tianfu Cup follows many of the rules used by the Pwn2Own competition—the former was set up in 2018, a few months after the Chinese government banned security researchers from participating in the latter.

As with Pwn2Own, successful exploits are reported to software vendors once the competition ends so the vulnerabilities can be patched.

Permalink to story.

 

R00sT3R

Posts: 327   +807
No doubt a good recruiting ground for the CCP state sponsored hacker groups...not that they'd have much choice as to whether to 'offer' their services to the state, unless they and their family want a 4am wake up call with the door being kicked in and them dragged away.
 
Last edited:

durtim

Posts: 8   +4
No doubt a good recruiting ground for the CCP state sponsored hacker groups...not that they'd have much choice as to whether to 'offer' their services to the state, unless they and their family want a 4am wake up call with the door being kicked in and them dragged away.
As well as to ensure local homegrown talent for their companies like Tencent, Alibaba etc. ALL superpowers do this from US, to UK, to CHINA, FRANCE etc. And don't pretend that the US especially doesn't do this, China wants to decouple from the US so expect more of things like these that develop homegrown alternatives to US alternatives.

Not everyone in China works for the Party same as not everyone in US works for the White House, it's like saying everyone that works at Microsoft works for your Ministry of Defence because of the Jedi contract, would that make sense?
 

eforce

Posts: 80   +70
..You do if you're told too and want to progress. It's still a ruthless dictatorial regime, where people disappear for not towing the line, no matter what gloss they try and put on it to the outside world. And they rely on Western naivety to get away with it.
Hopefully the CCP is content to terrorising it's own citizens and leaves the rest of the world alone.
 
  • Like
Reactions: psycros

madboyv1

Posts: 1,626   +516
..You do if you're told too and want to progress. It's still a ruthless dictatorial regime, where people disappear for not towing the line, no matter what gloss they try and put on it to the outside world. And they rely on Western naivety to get away with it.
Hopefully the CCP is content to terrorising it's own citizens and leaves the rest of the world alone.
somethingsomething "Western naivety" somethingsomething. :p
 

psycros

Posts: 3,230   +3,474
The reason its nearly all college kids is because the veteran hackers all work for the government.
 

duckofdeath

Posts: 54   +34
If I understand this correctly, the results are not published to the affected vendors? So, it's basically outsourced state-based exploiting?
 
  • Like
Reactions: ron baer

Bp968

Posts: 195   +144
As well as to ensure local homegrown talent for their companies like Tencent, Alibaba etc. ALL superpowers do this from US, to UK, to CHINA, FRANCE etc. And don't pretend that the US especially doesn't do this, China wants to decouple from the US so expect more of things like these that develop homegrown alternatives to US alternatives.

Not everyone in China works for the Party same as not everyone in US works for the White House, it's like saying everyone that works at Microsoft works for your Ministry of Defence because of the Jedi contract, would that make sense?
The guy who works at Microsoft can quit and go to the media and complain about how evil the US government is and demand Microsoft not work for them anymore.

How is that working out for folks in Hong Kong right now? Yup, China and the USA are exactly the same.

But hey, if I had to worry about the FBI kicking in my door or my relatives doors because I didn't say "USA #1" everytime I had the chance online, well I'd probably toe the party line too.

See that's the wonderful result of aggresive state censorship. Even if you *truely* believe "China #1" and that they are the greatest, no one will believe you because we all know what happens to anyone who loudly dissents against the CCP.

When a country cracks down on dissenters and constantly tells the world canned propaganda, it poisons the well so that even when real positive achievements come out of the country its just more noise lost in the propaganda. Heck, even scientists are starting to put asterisks in their published papers pointing out when data comes from China in regards to issues China finds sensitive, and the paper says the data from "those" sources may not pass muster.
 
Yes sir, just look at Edward Snowden, told the truth and now lives in Russia, I think you want to check your realities on freedom!
The guy who works at Microsoft can quit and go to the media and complain about how evil the US government is and demand Microsoft not work for them anymore.

How is that working out for folks in Hong Kong right now? Yup, China and the USA are exactly the same.

But hey, if I had to worry about the FBI kicking in my door or my relatives doors because I didn't say "USA #1" everytime I had the chance online, well I'd probably toe the party line too.

See that's the wonderful result of aggresive state censorship. Even if you *truely* believe "China #1" and that they are the greatest, no one will believe you because we all know what happens to anyone who loudly dissents against the CCP.

When a country cracks down on dissenters and constantly tells the world canned propaganda, it poisons the well so that even when real positive achievements come out of the country its just more noise lost in the propaganda. Heck, even scientists are starting to put asterisks in their published papers pointing out when data comes from China in regards to issues China finds sensitive, and the paper says the data from "those" sources may not pass muster.
 
  • Like
Reactions: Avro Arrow

Avro Arrow

Posts: 374   +393
Yes sir, just look at Edward Snowden, told the truth and now lives in Russia, I think you want to check your realities on freedom!
That's a great point and there is no arguing it. I would say however that while Snowden would be imprisoned in the USA, I don't believe that he'd even make it to a cell in China, let alone a trial. There's no doubt that the USA is not the free country that it used to be, hell, I'd even say that it's become "fascist-lite" but it's nothing like China. At least, not yet.
 

durtim

Posts: 8   +4
That's a great point and there is no arguing it. I would say however that while Snowden would be imprisoned in the USA, I don't believe that he'd even make it to a cell in China, let alone a trial. There's no doubt that the USA is not the free country that it used to be, hell, I'd even say that it's become "fascist-lite" but it's nothing like China. At least, not yet.
This is quite a funny take, I precisely remember Azerbaijan's president shutting down a BBC reporter over this same issue, just not Snowden but Assange.

This idea of America good, China bad is very unnuanced.
 
  • Like
Reactions: Avro Arrow

durtim

Posts: 8   +4
The guy who works at Microsoft can quit and go to the media and complain about how evil the US government is and demand Microsoft not work for them anymore.

How is that working out for folks in Hong Kong right now? Yup, China and the USA are exactly the same.

But hey, if I had to worry about the FBI kicking in my door or my relatives doors because I didn't say "USA #1" everytime I had the chance online, well I'd probably toe the party line too.

See that's the wonderful result of aggresive state censorship. Even if you *truely* believe "China #1" and that they are the greatest, no one will believe you because we all know what happens to anyone who loudly dissents against the CCP.

When a country cracks down on dissenters and constantly tells the world canned propaganda, it poisons the well so that even when real positive achievements come out of the country its just more noise lost in the propaganda. Heck, even scientists are starting to put asterisks in their published papers pointing out when data comes from China in regards to issues China finds sensitive, and the paper says the data from "those" sources may not pass muster.
Lol, Assange is not even American yet faces extradition trial in UK at America's request, the lady that leaked info where did she go. Snowden? Sounds familiar? Again it's pretty well known this is about money and influence not necessarily values, or it's projection. China breaks that mould by not kneeling at America's request.

I'm not pro-China, my Country is going to stay far away from this because it doesn't concern us but the hypocrisy in the West usually stinks, it could always be worse of course.
 

durtim

Posts: 8   +4
'm sure if you were an Uighur interned in one of China's "re-education camps", you'd be less concerned with nuance and more with reality.
Lol, I don't know which reality you live in but there are literally thousands of such scenarios littered around this earth we live in, of course you can also point out that it happens to different degrees. I don't support China to be sure but let me ask why does the one is China require such attention? What makes them more special? In case you don't know the US works with dictators and funds their armies as we are speaking, I can name three of thr top of my head Sisi, Musveni, Kagame that don't allow dissent. Kaggoshi(couldn't spell it correctly) was killed by who in the ME? Who is still working with and supporting said person? You don't want to open this can of worms please. Geopolitics is inherently complicated and those living in glass houses shouldn't throw stones also if you don't know **** stfu eh?🤨
 

Endymio

Posts: 1,079   +900
In case you don't know the US works with dictators and funds their armies as we are speaking, I can name three of thr top of my head Sisi, Musveni, Kagame...
To address just one of those: Musveni is far, far better than Idi Amin, the man he replaced, nor does the US "fund his army". The US gave a little more than $400M in aid to Uganda in 2019, nearly all of which was spent on health-improvement and economic initiatives.

Uganda may not be perfect, but it is not performing cyberattacks and industrial espionage against nations around the world, nor is it claiming vast stretches of the open sea, and building a nuclear-armed military which by the statements of its own leaders, is intent on expanding their borders by force. Nor do they have a million plus people in internment camps, nor do they kill prisoners to harvest their organs. And they have yet to engineer a worldwide pandemic, either.

Kaggoshi(couldn't spell it correctly) was killed by who in the ME?
Khashoggi was hardly the innocent journalist as he is portrayed. He was an ex member of the Saudi intelligence services, who was reportedly passing secret information to the Muslim Brotherhood, which the Saudis consider a terrorist organization working to overthrow their government. Yes, he was assassinated ... but if you're going to run with the wolves, don't complain of sore feet.
 

durtim

Posts: 8   +4
To address just one of those: Musveni is far, far better than Idi Amin, the man he replaced, nor does the US "fund his army". The US gave a little more than $400M in aid to Uganda in 2019, nearly all of which was spent on health-improvement and economic initiatives.

Uganda may not be perfect, but it is not performing cyberattacks and industrial espionage against nations around the world, nor is it claiming vast stretches of the open sea, and building a nuclear-armed military which by the statements of its own leaders, is intent on expanding their borders by force. Nor do they have a million plus people in internment camps, nor do they kill prisoners to harvest their organs. And they have yet to engineer a worldwide pandemic, either.


Khashoggi was hardly the innocent journalist as he is portrayed. He was an ex member of the Saudi intelligence services, who was reportedly passing secret information to the Muslim Brotherhood, which the Saudis consider a terrorist organization working to overthrow their government. Yes, he was assassinated ... but if you're going to run with the wolves, don't complain of sore feet.
When I said funding, I didn't imply that the US pays for the fundung whole of the army mind you. About Uganda, it's literally too small to do all those you mention and dictators of those calibres are actually too small minded to think past their little feifdoms. So yes he isn't doing what you mention at scale, he has other worries. Should we also talk about the Clandestine hackings that the US has definitely carried out? Assange? Snowden? The US literally sanctioned the prosecutor of the International Criminal Court and Someone who worked with her(can't remember the name) because their investigations came to close to home, don't want the skeletons revealed now do we?. My point is, those who live in glass houses shouldn't throw stones. Let's call it what it is, the US doesn't like the fact that China's rising influence challenges it's hegemony and wants to curtail that, it's not about values, it's about power, influence and who can bulky who.
 

Endymio

Posts: 1,079   +900
The US doesn't like the fact that China's rising influence challenges it's hegemony and wants to curtail that, it's not about values, it's about power, influence and who can bulky who.
Comparing the human rights situations in the US and China is absurd. China has an army of 600,000 people working day and night to censor the Internet. The US has none. China has a million+ citizens in concentration camps. The US has none. China has forcibly taken land from several bordering nations, and is threatening to do more. The US has not, and is not.

The US gives hundreds of billions of dollars in overseas aid, with no strings attached other than that the aid be used for specific projects meant to benefit the health, economy, or human-rights situation in the receiving nation. China gives money only in exchange for benefits to China -- control over resources, mines, seaports, etc.

No where is the distinction between the two nations seen more starkly than the South China Sea, where China has claimed control over millions of square kilometers of the open sea, including areas 1000+ km away from China itself, areas immediately offshore of a dozen plus other nations. China is building a vast network of military bases and artificial islands to cement its control over an area through which 30% of world trade passes. The US is fighting to prevent that -- not to benefit itself, but to support and maintain international law and open navigation on the high seas.

Do you really believe it's only the US worried about Chinese cyber warfare, industrial espionage and military expansionism? Alarm bells are going off all around the world, and nations which had previously signed long-term arrangements with China are now cancelling or reconsidering them.
 

durtim

Posts: 8   +4
Do you really believe it's only the US worried about Chinese cyber warfare, industrial espionage and military expansionism? Alarm bells are going off all around the world, and nations which had previously signed long-term arrangements with China are now cancelling or reconsidering them.
So much to unpack in your statement, "The US gives hundreds of billions of dollars in overseas aid, with no strings attached", I'm not going to go into this because I won't know where to start from and I don't want to go off ranting.

"The US is fighting to prevent that -- not to benefit itself, but to support and maintain international law and open navigation on the high seas." This is very rich from the country that sanctioned the head prosecutor of the International Criminal Court and one of the assistants.

"Do you really believe it's only the US worried about Chinese cyber warfare, industrial espionage and military expansionism? Alarm bells are going off all around the world" Let's ignore the hackings that the US has done in the name of "national security" , I assure you that many people put China and US on the same plate, slight differences in values at HOME yes, outside? not so much. China is filling a void for many countries that the US can't or won't. That is also a part what fuels China's rise.

The US doesn't have as much mindshare outside of Europe as you seem to think, ANYWAYS I'm out, have a nice days, we've pretty much left the main topic of discussion to go into geopolitics, which is complicated, Ciao😊
 

Avro Arrow

Posts: 374   +393
This is quite a funny take, I precisely remember Azerbaijan's president shutting down a BBC reporter over this same issue, just not Snowden but Assange.

This idea of America good, China bad is very unnuanced.
Honestly, I think that Snowden's leaks have stopped certain plots in their tracks, saving lives. The man's a hero for that and US government seems hell-bent on making a martyr out of him. I do however think that China would have had him assassinated, something that the USA hasn't done so I do think that they deserve credit for that.

Any time that I hear something that isn't nuanced, I know that it's BS because everything is nuanced to some degree (well, except Trump claiming that he beat Biden...LOL).
 

Endymio

Posts: 1,079   +900
Honestly, I think that Snowden's leaks have stopped certain plots in their tracks, saving lives.
Yes, if it wasn't for Snowden, we would have never known that Obama DNI James Clapper lied to Congress when he testified under oath that the NSA doesn't collect data on US citizens. I would say it's a mystery why he wasn't prosecuted for that crime ... but when you look at who was running the FBI and the Justice Department then, it all becomes clear.