Over the weekend, the best hackers in China gathered in the city of Chengdu for the Tianfu Cup, the biggest hacking competition in the country. Over the two-day event, security researchers would test how popular software would handle zero-day vulnerability threats.
In other words, hackers at the Tianfu Cup are looking to exploit apps and programs with never-seen-before attacks. If they succeed a point is earned, and points leaders win cash prizes.
During day 1, hackers managed to exploit leading web browsers and Microsoft’s Office 365 cloud productivity suite. 13 attacks were successful during the day, including on Microsoft Edge, Google Chrome, and Apple’s Safari.
Among those successful hacks, Microsoft Edge was the most exploited. Three successful exploits were recorded on the browser. It is worth noting that these attacks were against the existing Edge version. This is the old app running Microsoft’s EdgeHTML engine.
Of course, Microsoft has since moved Edge to the Chromium rendering engine. That browser will leave preview for a full launch on January 15, so was not included in the Tianfu Cup. Speaking of Chromium, Google’s Chrome browser was hacked successfully 2 times.
Elsewhere, Apple’s Safari and Office 365 both suffered 1 zero-day apiece.
Growing Interest in Hacking Events
It is worth noting, software vendors have taken an increasing interest in hacking competitions. So much so, many companies will actively attend events so they can get bug reports instantly. This allows fixes to be applied much more quickly.
That all said, the Tianfu Cup is different because of restrictions China places on vendors. It is not heavily attended by companies, although Google’s Chrome security team had a presence at the event.
As with all reputable hacking contests, all zero-days will be reported to companies once the competition ends.