Trend Micro Announces Mobile Pwn2Own Contest With Prize Pool of Over $500,000
Posted August 28, 2017 at 10:07pm by iClarified
Trend Micro has announced the Zero Day Initiative’s Mobile Pwn2Own contest taking place November 1-2 during the PacSec 2017 Conference in Tokyo, Japan. The contest rewards security researchers for demonstrating and disclosing zero-day attacks on the latest and most popular mobile devices.
Contestants will be awarded cash and prizes during the competition for vulnerabilities and exploitation techniques against the most up-to-date patches in popular mobile platforms. This year’s targets include the Apple iPhone 7, Samsung Galaxy S8, Google Pixel and Huawei Mate9 Pro. Following the contest, vendors will have 90 days to produce patches for these bugs, instead of the standard 120 disclosure window. This reflects the integrity of successful exploits produced during the contest. As these are practical vulnerabilities with demonstrated applications, a shortened patch window helps provide quicker protection for the end user against potentially damaging bugs.
“This contest embodies Trend Micro’s leadership in encouraging and facilitating the discovery of zero-day vulnerabilities,” said Mike Gibson, vice president of threat research for Trend Micro. “Rewarding responsible disclosure of these bugs promotes our overarching goal of making everyone safer online. Researchers participating in the contest gain notoriety and can win a significant amount of money, and vendors are given the opportunity to patch zero-day vulnerabilities that might have otherwise wreaked havoc on their systems.”
This year's event offers larger prizes than ever before, with a prize pool of over US$500,000. The contest consists of four categories including browsers, short distance and WiFi, messaging and baseband, which is returning this year. A complete list of targets and prizes can be seen in the screenshot below.
In addition to the standard categories and prizes, there are add-on bonuses for executing code with kernel privileges and having the payload persist after a reboot. These bonuses will help contestants reach the coveted title, “Master of Pwn,” by adding additional points to their running total from each successful exploit.
Read More
Contestants will be awarded cash and prizes during the competition for vulnerabilities and exploitation techniques against the most up-to-date patches in popular mobile platforms. This year’s targets include the Apple iPhone 7, Samsung Galaxy S8, Google Pixel and Huawei Mate9 Pro. Following the contest, vendors will have 90 days to produce patches for these bugs, instead of the standard 120 disclosure window. This reflects the integrity of successful exploits produced during the contest. As these are practical vulnerabilities with demonstrated applications, a shortened patch window helps provide quicker protection for the end user against potentially damaging bugs.
“This contest embodies Trend Micro’s leadership in encouraging and facilitating the discovery of zero-day vulnerabilities,” said Mike Gibson, vice president of threat research for Trend Micro. “Rewarding responsible disclosure of these bugs promotes our overarching goal of making everyone safer online. Researchers participating in the contest gain notoriety and can win a significant amount of money, and vendors are given the opportunity to patch zero-day vulnerabilities that might have otherwise wreaked havoc on their systems.”
This year's event offers larger prizes than ever before, with a prize pool of over US$500,000. The contest consists of four categories including browsers, short distance and WiFi, messaging and baseband, which is returning this year. A complete list of targets and prizes can be seen in the screenshot below.
In addition to the standard categories and prizes, there are add-on bonuses for executing code with kernel privileges and having the payload persist after a reboot. These bonuses will help contestants reach the coveted title, “Master of Pwn,” by adding additional points to their running total from each successful exploit.
Read More