TechSpot means tech analysis and advice you can trust. Read our ethics statement.
TippingPoint has announced the fifth annual Pwn2Own competition, an event that challenges hackers to find security flaws in software such as web browsers. Pwn2Own 2011 will take place on March 9, 10 and 11 in Vancouver, BC during the CanSecWest conference and the contest is backed by a $125,000 prize pool that will be distributed among participants who successfully exploit applications. TippingPoint will front $105,000 of the prize money, while the remaining cut comes courtesy of Google.
On day one, contestants will have a chance to win Google's $20,000 prize along with the CR-48 running ChromeOS by hacking the company's Chrome browser. Participants will have to escape the browser's sandbox using vulnerabilities solely within Google-written code. If that proves too challenging, things will be tamed down on the following days. Event organizer ZDI will offer $10,000 for escaping the sandbox using non-Google code and Google will grant $10,000 for finding a bug in Chrome.
Competitors who successfully exploit Internet Explorer, Safari or Firefox will bag a $15,000 cash prize as well as a laptop. Hackers will also get an opportunity to have their way with various mobile phone platforms including iOS on an iPhone 4, Windows Phone 7 on a Dell Venue Pro, Blackberry 6 on a Blackberry Torch 9800, and Android on a Nexus S. Successfully compromising any of those targets will secure the participant $15,000 in cash, the device itself, and 20,000 ZDI reward points.
It's worth mentioning that Chrome went unscathed during Pwn2Own 2010, while Safari, Internet Explorer 8 and Firefox were all compromised in the first day. Participants received $10,000 for exploiting browsers last year, so it should be interesting to see if Google's sponsored $20,000 cash prize leads to the exploitation of Chrome this year. That's quite the sum when compared to the company's usual $3,133.70 reward for discovering critical vulnerabilities in Chrome – a bounty that is rarely claimed.