Pwn2Own brings together some of the brightest minds in the world of hacking. These minds compete for over $500,000 in prizes that they receive in exchange for revealing critical bugs in popular software.
This year, browsers took a major hit. All four popular browsers – Chrome, Firefox, Safari, and Internet Explorer – were hacked during the 2015 event in Vancouver.
The event paid out $442,000 for 21 critical bugs discovered in the four major browsers. Other critical bugs were discovered in Windows, Adobe Reader, and Adobe Flash.
Want to Make $916 Per Second by Hacking Web Browsers?
One of the highlights of this year’s competition came in the form of Jung Hoon Lee, also known as lokihardt, who demonstrated an exploit that took down the stable and beta versions of Google Chrome.
In most hacking tests, Chrome has been famously hard to exploit. It’s arguably the most secure browser out there today. The browser was no match for Jung Hoon Lee, however, who started his attack with a buffer overflow race condition in Chrome. The attack also targeted an information leak and a race condition in two Windows kernel drivers, which allowed the attack to break past Chrome’s built-in anti-exploit mechanisms (like the sandbox and address space layout randomization).
Ultimately, Jung’s work earned him the biggest payout of 2015’s Pwn2Own. He earned a whopping $75,000 USD for his work, plus an extra $25,000 for escalating privileges to SYSTEM and an additional $10,000 from Google for exploiting the beta version of Chrome, bringing his total prize money to $110,000.
Does that sound like a lot of money? Well, consider this: according to Pwn2Own organizers, Jung’s two-minute demonstration of Chrome’s vulnerabilities netted him $916 per second!
And that was just the first day.
For his final act of the competition, Jung took out Apple Safari using a use-after-free (UAF) vulnerability in an uninitialized stack pointer in the browser and bypassed the sandbox for code execution. This brought him another $50,000.
Jung also took down the 64-bit version of Internet Explorer 11 with a time-of-check to time-of-use (TOCTOU) vulnerability that allowed for read/write privileges, using a sandbox escape to avoid all the built-in defensive mechanisms. This earned him $65,000 USD.
Anyways, this year’s Pwn2Own competition was dominated by Jung in a way we’ve rarely seen before. How many people can say they earned $225,000 over a two-day hacking competition?
All Major Browsers Already Fixing their Flaws
One of the best parts about Pwn2Own is that the world becomes a little safer because of it.
All of the major browser manufacturers are already working hard to fix the exploits identified by Jung and other hackers.
That’s why the sponsors pay big money for this event: it motivates hackers to work ethically to identify browser flaws, instead of, you know, actually exploiting browser users to support the black market.
Pwn2Own 2015 was sponsored by HP, BlackBerry, and Google. It has taken place every year at the CanSecWest security conference since 2007.