China’s Top Hackers Uncover Threats in iOS, Windows 10, and Chrome Among Many Others

In the third edition of China’s national ethical hacking contest, the Tianfu Cup, the country’s top hackers uncovered and exploited existing but previously unknown vulnerabilities in widely used software products, including the iPhone, Microsoft Edge, and Google Chrome, among others.

Ethical hacking contests might come as a surprise to some. Such contests are held both nationally and internationally. They can be a component of Capture The Flag events, in which hacking (breach or exploitation) is one aspect of the challenges presented, or can be bug bounty programs, like the Tianfu Cup.

The contest spanned two days, taking up the first full weekend of November. A total of 15 teams participated, including several teams from Qihoo 360, a Chinese tech giant that has an excellent track record when it comes to such competitions.


All contestants were given 3 tries of 5 minutes each to target a piece of software of their choice with an exploit they had engineered themselves. In total, the teams picked 16 targets, of which 11 were successfully hacked.

On the first day, most contestants carried out exploits against major browsers. These included Google Chrome, Microsoft Edge, and Safari. Vulnerabilities were also found in Microsoft Office 360 and Adobe PDF Reader.

On the second day, Adobe PDF Reader was exploited twice more. Several notable operating systems were also targeted successfully that day, including Ubuntu. However, the most noteworthy of the exploits were breaches into iOS 14 on an iPhone 11 Pro and VMware, a cloud storage system.

Because iOS and VMware are known to be among the highly secured products, these two break-ins bagged the biggest prizes. The prize money for the iOS hack and the VMware hack was $300,000 and $200,000 respectively.

The grand total of the bonuses given out to participants came to $1.2 million. The largest share of this went to the team from Qihoo 360, whose total earnings were $744,500. In second place was Ant-Financial Light-Year Security Lab, which won $258,000. The third-largest winnings were made by Pang, a security researcher, who single-handedly earned $99,500. At the same time, some teams could not win anything at all.


Patching Vulnerabilities Found by Ethical Hackers

The purpose of such competitions is not simply to hold some sort of cyber-sports for engineers and technicians. Instead, they are arenas that bring together massive potential and human resources to shore up software that is rife with vulnerabilities.

All vulnerabilities found in such competitions are reported to the companies in question. The companies are also notified in advance of the possibility of a breach taking place. The Tianfu Cup’s protocol is no different, and patches for the reported vulnerabilities are expected to be released in the coming week.

While these events act as learning experiences for people involved in software engineering all over the world and are great places to win handsome cash prizes, they also serve a direct agenda for tech companies.

It is not uncommon for companies to hold bug bounty programs for their own products. This allows hackers with different backgrounds and approaches to study the code on which a company’s software runs, giving the company a diverse outside perspective on flaws in the existing code.

Facebook launched one such bounty program in 2018. In 2016, Apple also launched a similar program to identify flaws in the Apple operating systems and related software. Similarly, Google also has a bounty program, as a part of which it rewarded an Uruguayan teen $36,000 for blowing the whistle on a vulnerability.

