Windows 10, iOS 15, Ubuntu, and Chrome were all breached at China's Tianfu Cup hacking contest

After Chinese security researchers cracked some of the world’s most popular software at the Tianfu Cup, China’s largest and most prestigious hacking contest, they received $1.88 million in prize money.

The contest was held in Chengdu on the weekend of October 16-17. Researchers from Kunlun Lab, part of a Chinese security company, took first place, winning $654,500, or one-third of the total prize money.

The Tianfu Cup is now in its fourth edition and follows the classic rules established by the Pwn2Own hacking contest.

In July of this year, the organizers of the “Tianfu Cup” announced a list of targets. Participants had 3 to 4 months to prepare their exploits, which they then ran against devices provided by the organizers on the competition stage. Researchers got three 5-minute attempts to run their exploits, and those who wanted to increase their winnings could register to hack multiple devices.

This year's edition included a list of 16 possible targets, and 11 contestants successfully attacked 13 of them. The only targets not hacked were the Synology DS220j NAS, the Xiaomi 11 smartphone and an undisclosed Chinese electric car; no participants even registered to attempt them.

Most of the exploits were privilege escalation and remote code execution vulnerabilities; however, two achievements at this year's Tianfu Cup stood out.

The first is a non-interactive remote code execution attack chain for fully patched iOS 15 running on the latest iPhone 13.

The second is a simple two-step remote code execution chain for Google Chrome, something not seen in hacking competitions for many years.

iPhone 13 Pro’s Safari browser won $300,000 from remote jailbreak Pangu. @mj0011sec

— HBS (@765075247Hbs) October 16, 2021

The admission was confirmed for the first day of the Tianfu Cup. Kunlun Lab @S0rryMybad cracked the Google browser to obtain the kernel-level permissions of the Windows system, using only two bugs. I remember it for the first time since 2015

— mj0011 (@mj0011sec) October 16, 2021

The legendary MJ0011 has appeared again. MJ0011 is the former CTO of 360, the founder of the 360Vulcan team, and the current CEO of Cyber Kunlun & Kunlun Labs, which is also the team that won first prize this time.
