Posted on May 21, 2022 at 9:02 PM
A hacking competition in Vancouver, Canada, has attracted some of the world’s best hackers. Their goal is to break into highly secured technology, including a Tesla car, Apple’s Safari browser, and Microsoft Teams.
Of course, there are several prizes to be won for successful hackers. But the Holy Grail is the bumper bounty of $600,000 that a successful hacker of the Tesla Model 3 will receive. And as an extra reward for the effort, the successful person will take the hacked car.
The 15th anniversary of the Pwn2Own hacking competition is underway, and some hackers have already received rewards for their efforts. It is a lucrative testing ground for white-hat hackers and security researchers to find vulnerabilities and inform the developers of their findings. In turn, the researchers are rewarded handsomely for their efforts.
Pwn2Own Hacking Attracts World’s Best Hackers
The competition was launched in 2007 by cybersecurity researcher Dragos Ruiu. It was initially created as a way of challenging security researchers to find vulnerabilities in MacBook Pros. However, the contest has now expanded into something bigger, with more hackers participating and more companies joining. It is now held multiple times a year, and each event takes place over several days.
Both the hackers and the companies that make the software benefit from the event. While the hackers gain financially in the form of rewards, the companies can patch any flaws to keep them safe from bad actors.
On the first day of the event, hackers succeeded in breaking into Safari, Mozilla Firefox, and Microsoft Teams. Dustin Childs, communications manager of Trend Micro’s Zero Day Initiative, stated that he expected “bug collisions,” in which a single zero-day vulnerability is discovered by two researchers. However, the results of the exercise so far showed that everything “was a unique exploit.”
He added that the latest event was the only contest in a long time in which nothing collided and every exploit worked the first time. It’s also the first where the software security of most of the top tech giants was exposed on the first day of the event. Barely 24 hours after the competition started, security researchers were able to break into Microsoft Teams and Windows 11.
Researchers And Companies Benefit Mutually From The Event
Childs said Pwn2Own is an avenue where researchers can find exploits and disclose flaws, and where their efforts can be publicly recognized. He added that the event is playing a very important role in cybersecurity. Once a researcher notifies a developer about a vulnerability privately, the developer can provide a fix or patch for the flaw to prevent threat actors from exploiting it.
Although the company will dish out some financial rewards to the hacker, it is far better than the heavy costs the company will incur when its software is exploited in the wild.
Childs said the competition has expanded from a small browser-focused event to several locations across the world. The competition started by awarding $1,000 to successful participants. However, he said over $2 million was given as a reward to hackers across the events last year.
On Wednesday, the first day of the ongoing event, $800,000 was distributed across the events. The event has also gone hybrid to encourage more researchers to participate. This means that participants can compete virtually or attend the event in person.
The name of the contest comes from the combination of two terms, “pwn” and “own”. The first term is slang meaning to beat someone else, while the second term is added because the successful hacker usually takes the software technology with them.
Companies Intensify Efforts To Protect Their Software
The Pwn2Own hacking competition is not the only avenue for security researchers to earn some form of financial reward for their efforts. Several companies like Microsoft and Tesla also offer their respective bounty programs for participants that succeed in breaking into their systems. The level of cyber threats for businesses and organizations has increased over the past few years. Bad actors are devising several means to use sophisticated tools for exploits. Both private entities and the government are at risk of these exploits.
Last month, US government agencies and other cybersecurity authorities in other countries released a joint statement, warning organizations of imminent cyber threats. The advisory stated that the threats are coming from both individual and government-sponsored threat actors.