Web Browsers and Chromebook Fall in Hacker Contests

None of the major Web browsers are impervious to focused hacker teams. All four were successfully hacked in the Pwn2Own contest that took place this past week in Vancouver.

The two-day hackathon, which concluded Thursday, is backed by Hewlett-Packard and run by its Zero-Day Initiative. The contest organizers offered up to $1.085 million in prizes; $82,500 of that money went to charity and the rest to eight research teams.

The objects of the hackers' attention: Apple's Safari, Google's Chrome, Microsoft's Internet Explorer, and Mozilla's Firefox desktop browsers, plus Adobe's Reader and Flash plug-in. The Google, Microsoft and Flash entries had all been refreshed with security updates right before the contest.

Team Winnings of $400,000

Chaouki Bekrar, Chief Executive and Chief Researcher at Vulpen Security, told news media that the big takeaway from the contest was that "even the most secure software can be compromised by a team of researchers with enough resources." His team took home the most ever won by a Pwn2Own team -- $400,000.

The security vulnerabilities are reported to the software's maker, which can then close that particular barn door. Additionally, software makers watch for others' vulnerabilities, to make sure their products are not similarly susceptible.

Software makers are also reducing the time it takes them to patch reported issues. As recently as 2012, the average time for a security bug fix to be released was 180 days, but now that's been cut by a third to about 120.

Additionally, the number of submitted exploits by research teams this year was a record-setting 16. One team, the Keen Team from China, received $65,000 for successfully breaking into Safari and Flash. Members of that team have committed to donating some of their prize money to a Chinese charity set up for families of passengers on the missing Malaysian Airlines plane.

Google's Pwnium Shows Chromebooks Also...

Comments are closed.