What just happened? You might not have heard of China’s Tianfu Cup, but it’s a big deal in the world of white hat hackers. The third edition of the country’s largest hackathon took place over the weekend and saw many prominent pieces of software, including Windows 10 and iOS 14, compromised using original exploits.
ZDNet writes that fifteen teams of hackers took part in this year’s event. Each group is allowed three five-minute attempts at hacking into a selected target, with researchers winning cash prizes based on the difficulty of the chosen target and the type of vulnerability.
“Many mature and hard targets have been pwned on this year’s contest. 11 out of 16 targets cracked with 23 successful demos,” tweeted the TianfuCup account.
Successfully hacked targets included:
- iOS 14 running on an iPhone 11 Pro
- Samsung Galaxy S20
- Windows 10 v2004 (April 2020 edition)
- Adobe PDF Reader
- Docker (Community Edition)
- VMware ESXi (hypervisor)
- QEMU (emulator & virtualizer)
- TP-Link and ASUS router firmware
Researchers had the opportunity to grab up to $1.21 million from an available prize pool. For the second year in a row, the most successful team came from Qihoo 360, a Chinese internet security company known for its antivirus software. The “360 Enterprise Security and Government (ESG) Vulnerability Research Institute” winners walked away with $744,500, beating second-place AntFinancial Lightyear Security Lab and security researcher Pang, who was third.
The Tianfu Cup follows many of the rules used by the Pwn2Own competition—the former was set up in 2018, a few months after the Chinese government banned security researchers from participating in the latter.
As with Pwn2Own, successful exploits are reported to software vendors once the competition ends so the vulnerabilities can be patched.