Due to COVID-19 Pwn2Own passed in virtual environment

Due to the coronavirus pandemic this year, Pwn2Own was not quite ordinary: the largest hacking competition passed in a virtual environment.

Under normal circumstances, the event is part of the CanSecWest conference in Canada, but this time many researchers were unable or unwilling to come to Vancouver, thereby putting their health at risk. Recall, by the way, that cybercriminals are already actively using the theme of a pandemic. As a result, the competition was held in a virtual environment.

“The participants sent their exploits in advance to the organizers of Pwn2Own, Zero Day Initiative, and they launched the code during the live broadcast, which was attended by all participants”, – said the organizers.

For two days of the competition, the teams successfully compromised Windows, macOS, Ubuntu, Safari, Adobe Reader, and Oracle VirtualBox. After the competition respective companies were notified about all identified during the context bugs.

Recall in China passed a competition in China, which is essentially a clone of Pwn2Own. It went before the coronavirus epidemic and at Tianfu Cup competition, hackers cracked Chrome, Edge and Safari, earning more than $500,000.

On the first day of Pwn2Own 2020, researchers earned a total of $180,000. So, a team from the Georgia Institute of Technology and Security Lab has successfully executed macOS code through Safari. The exploit chain, which included running the calculator in Safari and escalating privileges to root (by combining six different vulnerabilities), earned them $70,000 and 7 Master of Pwn points.

Also on that day, rookie contestant Manfred Paul of the RedRocket CTF team earned $ 30,000 and 3 Master of Pwn points for a local privilege-based exploit aimed at Ubuntu Desktop. His exploit used the improper input problem.

Pwn2Own passed in a virtual environment
Final score table

True veterans of Pwn2Own, the Fluoroacetate team, which includes Amat Cama and Richard Zhu, have traditionally shown the class this year. Let me remind you that this team won the last three Pwn2Own competitions (in November and March 2019, as well as November 2018) and currently Kama and Zhu are considered one of the best hackers in the world and the most successful Pwn2Own participants. Last fall, they won a Tesla car at a competition and earned nearly $200,000.

On the first day of this spring Pwn2Own Fluoroacetate, they earned $40,000 and 4 Master of Pwn points for an exploit of local privilege escalation oriented to Windows 10. Zhu also received an additional $40,000 and 4 points in Master of Pwn for another privilege exploit, also oriented to Windows 10.

On the second day of the competition, the STAR Labs team received $40,000 and 4 Master of Pwn points for successfully demonstrating an exploit for VirtualBox, which led to the escape from the guest OS and the execution of arbitrary code on the host. The exploit was related to out-of-bounds reading and the uninitialized variable problem.

Amat Kama and Richard Zhu earned another $50,000 and 5 points for Master of Pwn for demonstrating hacking using the use-after-free vulnerabilities in Adobe Reader and the Windows kernel.

Synacktiv team tried to hack VMware Workstation, but their attempt was unsuccessful. At the end of the day, a representative of the Zero Day Initiative held a special demonstration out of competition: a guest escaping to a host in VirtualBox.

As a result, this time the Fluoroacetate team was again the winner of the contest, and the contestants in total earned $270,000.

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About James Brown

Technology news writer and part-time security researcher. Author of how-to articles related to Windows computer issue solving.

Check Also

three Iranian hackers

US Department of Justice accuses three Iranian hackers of hacking aerospace companies

The US Department of Justice has filed charges in absentia against three Iranian hackers suspected …

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.