How easy is it to hack some of the world’s most popular software, such as Microsoft’s Windows 10 and Google’s Chrome? Well, quite easy it seems, at least for some of the world’s best hackers. That’s what happened at this year’s Tianfu Cup in China, where brand new exploits were used against leading services.
If you are unfamiliar with the Tianfu Cup, it is one of the biggest hacking competitions in the world and the largest in China. Held each year in the central Chinese city of Chengdu, the competition has become a proving ground for security researchers.
It is also a place where leading software has its mettle tested against zero-day exploits. Over the two-day event, security researchers test how well popular software holds up against zero-day vulnerabilities.
Hackers at the Tianfu Cup are looking to exploit apps and programs with never-seen-before attacks. If they succeed, a point is earned, and the researchers with the most points win prizes. Last year, Microsoft Edge was successfully breached, and it seems Windows 10 was this year.
Many mature and hard targets have been pwned on this year’s contest. 11 out of 16 targets cracked with 23 successful demos:
Chrome, Safari, Firefox
Adobe PDF Reader
Docker-CE, VMware ESXi, Qemu, CentOS 8
iPhone 11 Pro+iOS 14, GalaxyS20
Windows 10 2004
TP-Link, ASUS Router
— TianfuCup (@TianfuCup) November 8, 2020
While that’s not good news for Microsoft, the company is certainly not alone. In fact, many leading platforms and services were compromised during the event. It is worth noting that companies welcome these hackathons for exposing issues in software that can be fixed before an in-the-wild exploit is made.
“Many mature and hard targets have been pwned on this year’s contest,” organizers said today. The following services were successfully breached:
- iOS 14 running on an iPhone 11 Pro
- Samsung Galaxy S20
- Windows 10 v2004 (April 2020 edition)
- Adobe PDF Reader
- Docker (Community Edition)
- VMware ESXi (hypervisor)
- QEMU (emulator & virtualizer)
- TP-Link and ASUS router firmware
Fifteen Chinese hacking groups took part in the Tianfu Cup this year. Each hacker gets three five-minute windows to attempt to hack a chosen target with a never-seen-before exploit. All successful exploits are reported to the developer of the software, and patches should be released this week.
Chinese tech company Qihoo 360 won the competition for the second year (the cup is in its third year).