Multiple operating systems and browsers successfully exploited in minutes by Bug Bounty hunters at Tianfu Cup 2020, a Chinese Hacking competition
Tianfu Cup 2020:
The Tianfu Cup is China’s biggest hacker competition which carried out for the third time this year. The two-day event, which happened over the weekend, saw white hat hackers from 15 different teams using original vulnerabilities to break into widely used software and mobile devices in 5 minutes over three attempts.
Organizers of the event describe it as “China’s Pwn2Own” and this year the prize pool exceeded $1 million.
Unseen exploits were successfully pwned in multiple software products from Adobe, Apple, Google, Microsoft, Mozilla, and Samsung by bug bounty hunters in Tianfu Cup 2020.
“Many mature and hard targets have been pwned on this year’s contest,” the event organizers said. “11 out of 16 targets cracked with 23 successful demos.”
Above all, the hacking competition showed off hacking attempts against a number of platforms, including:
- Adobe PDF Reader
- Apple iPhone 11 Pro running iOS 14 and Safari browser
- ASUS RT-AX86U router
- CentOS 8
- Docker Community Edition
- Google Chrome
- Microsoft Windows 10 v2004
- Mozilla Firefox
- Samsung Galaxy S20 running Android 10
- TP-Link TL-WDR7660 router
- VMware ESXi hypervisor
- Firstly, Qihoo 360 team came top with $744,500 in prize money by exploiting – Chrome, VMware ESXi, Qemu, Firefox, Adobe Reader, iPhone 11 Pro with iOS 14, Samsung Galaxy S20, Windows 10, and CentOS 8
- Followed by Ant-Financial Light-Year Security Lab acclaimed $258,000 and a security researcher named Pang bagged $99,500
- Other participants targeted Safari, Docker, Adobe Reader, the Galaxy S20, Ubuntu, and Asus and TP-Link routers.
Most importantly, the patches for all the exploits demonstrated are expected to be released in the upcoming days.