CanSecWest is an annual conference that is being held in Vancouver, Canada, this year. It focus’ mainly on applied digital security and keeping hackers out. However, at the conference, there are some unique opportunities for hackers to bring their game and win some pretty hefty cash prizes in the process.
CaSecWest 2013: Pwn2Own Challenge
Right now, a lot of money is on the line at CanSecWest 2013 this week. There are two challenges that are sporting all of that prize money: Pwn2Own and Pwnium 3. Both of these competitions are sponsored by Google and the Hewlett Packard Zero Day Initiative and are designed to allow expert hackers to detect security flaws and exploits in several different systems such as Google’s Chrome.
If hackers can find fresh, ‘zero-day’ exploits in a series of browsers and plug-ins, they could win a ton of cash. To qualify, the exploits must be new and the machines being compromised must be running the latest, full patched version of either Windows 7 or 8 or OS X Mountain Lion. Just how much cash can they win, you ask? Here is a breakdown of the prizes and how they are doled out in the Pwn2Own competition:
- Google Chrome on Windows 7 ($100,000)
- Microsoft Internet Explorer, either
- IE 10 on Windows 8 ($100,000)
- IE 9 on Windows 7 ($75,000)
- Mozilla Firefox on Windows 7 ($60,000)
- Apple Safari on OS X Mountain Lion ($65,000)
Plug-ins using Internet Explorer 9 on Windows 7
- Adobe Reader XI ($70,000)
- Adobe Flash ($70,000)
- Oracle Java ($20,000)
Wow, right? That is over a half million dollars in prizes for the Pwn2Own competition alone! It isn’t the only competition at the conference, though. Google is actually sponsoring its own competition based solely on finding fresh exploits in their Chrome browser. They will be awarding prize money on a per exploit basis, as follows:
- Guest mode browser or system compromise using a web browser (logged-in user compromise also acceptable) – $110,000
- Compromise with persistence on device using a web browser (guest to guest with interim boot) – $150,000
The great thing about the Google competition is that tons of found exploits will be awarded with an individual prize. Google has already made it clear that they will award prizes totaling up to $3.1 million dollars, so that’s a lot of cash just sitting there, waiting to be won by a competent hacker. The only catch is that all exploits must be demonstrated on a fully patched Samsung Chromebook Series 5 550, however, Google is letting those without access to the hardware do their demos on a virtual machine.
Last year at CanSecWest 2012, a group of French cyber-security specialists who are self-titled ‘Team VUPEN’ quickly tore the rankings apart and took the lead when they were able to crack Google’s Chrome browser, Sandbox, on the very first day of the conference. We will see what happens this week as hackers come together to try and claim the prizes!