China’s Top Hackers Uncover Threats in iOS, Windows 10, and Chrome Among Many Others


In the third edition of China’s national ethical hacking contest, the Tianfu Cup, the country’s top hackers uncovered and exploited previously unknown vulnerabilities in widely used software products including iPhone, Microsoft Edge, Google Chrome, etc.

Ethical hacking contests might come as a surprise to some. Such contests are held both nationally and internationally. They can be a component of Capture The Flag events, in which hacking (breach or exploitation) is one aspect of the challenges presented, or can be bug bounty programs, like the Tianfu Cup.

The contest spanned two days, taking up the first full weekend of November. A total of 15 teams participated, including several teams from Qihoo 360, a Chinese tech giant that has an excellent track record when it comes to such competitions.


All contestants were given 3 tries of 5 minutes each to target a piece of software of their choice with an exploit they had engineered themselves. In total, the teams had picked 16 targets, out of which 11 were successfully hacked into.

On the first day, most contestants carried out exploits against major browsers. These included Google Chrome, Microsoft Edge, and Safari. Vulnerabilities were also found in Microsoft Office 360 and Adobe PDF Reader.

On the second day, Adobe PDF Reader was exploited twice more. Additionally, many notable operating systems were successfully targeted on this day, including Ubuntu. However, the most noteworthy of the exploits were breaches into iOS 14 on an iPhone 11 Pro and VMware, a cloud storage system.

Because iOS and VMware are known to be among the highly secured products, these two break-ins bagged the biggest prizes. The prize money for the iOS hack and VMware hack was $300,000 and $200,000 respectively.

The grand total of the bonuses given out to participants came to $1.2 million. The largest share of this went to the team from Qihoo 360, whose total earnings were $744,500. In second place was Ant-Financial Light-Year Security Lab, which won $258,000. The third-largest winnings were made by Pang, a security researcher, who single-handedly earned $99,500. At the same time, some teams could not win anything at all.


Patching Vulnerabilities Found by Ethical Hackers

The purpose of such competitions is not simply to hold some sort of cyber-sports for engineers and technicians. Instead, they are arenas that bring together massive potential and human resources to harden software against the web of vulnerabilities it is rife with.

All vulnerabilities found in such competitions are reported to the companies in question. The companies are also notified in advance of the possibility of a breach taking place. The Tianfu Cup’s protocol is no different, and patches for the reported vulnerabilities are expected to be released in the coming week.

While these events act as learning experiences for people involved in software engineering all over the world and are great places to win handsome cash prizes, they also serve a direct agenda for tech companies.

It is not uncommon for companies to hold bug bounty programs for their own products. This allows hackers with different backgrounds and approaches to study the code on which a company’s software runs, giving the company a diverse outside perspective on flaws in the existing code.

Facebook launched one such bounty program in 2018. In 2016, Apple also launched a similar program to identify flaws in the Apple operating systems and related software. Similarly, Google also has a bounty program, as a part of which it rewarded an Uruguayan teen $36,000 for blowing the whistle on a vulnerability.
