Pwn2Own 2010: $100,000 for browser & mobile phone exploits
Source: TippingPoint DVLabs Aaron Portnoy, TippingPoint Technologies Security Research Team Lead, has announced that the annual Pwn2Own contest will take place at this year's CanSecWest security conference on the 24th of March in Vancouver. To commemorate the 4th Pwn2Own contest, the total cash prize amount has been increased to $100,000 this year.
According to Portnoy, this year's event, which will take place over the course of three days, will focus on "two main technology targets". As with previous Pwn2Own events, the first portion of the contest will target web browser and operating system pairings. Over the course of the event, contestants will be able to attempt to exploit browsers ranging from Internet Explorer 7 & 8, to Firefox 3, Chrome 4 and Safari 4 on Windows 7, Vista and Mac OS X 10.6 Snow Leopard. According to the rules, the exploits used should work with little or no user interaction. Apple's iPhone 3GS, RIM's Blackberry Bold 9700, a Nokia Symbian S60 phone and a Motorola Android-based phone will also be targeted.
The browser and mobile contest will run concurrently and those interested in participating are asked to register by emailing ZDI@tippingpoint.com. Those selected will be assigned a random 30 minute time slot. Each functional mobile phone exploit is worth $15,000 and each browser exploit is worth $10,000.
Last year Safari, Internet Explorer 8 and Firefox all fell to exploits on the first day. However, there were no successful attacks on BlackBerry, Android, iPhone, Symbian and Windows Mobile smartphones. Last year's big news was of a 25 year old computer science student at the University of Oldenburg in Germany, going by the name of 'Nils', who paid for part of his education by finding and selling vulnerabilities. He won a total of $15,000 for successfully exploiting all three major browsers – Firefox, Internet Explorer 8 and Safari. Security researcher and repeat Pwn2Own winner Charlie Miller said that finding exploits on the Mac is fun, while on Windows it's hard work.
- Pwn2Own 2009 ends: Smartphones & Chrome unbroken,a report from The H.
- Pwn2Own 2009: Safari, IE 8 and Firefox exploited, a report from The H.
- Pwn2Own 2009: cash for mobile and browser holes, a report from The H.