Cyber security researchers from China won $1.88 million after hacking some of the world’s most popular software at the annual Tianfu Cup, the fourth edition of the international hacking contest held in the city of Chengdu, China.
The Tianfu Cup is similar to Pwn2Own where participants get rewarded for exploiting vulnerabilities in widely used software and hardware. It was created in the wake of government regulation in the country that restricted researchers from participating in international hacking competitions. The first edition was held in autumn 2018 where security researchers successfully hacked Edge, Chrome, Safari, iOS, Xiaomi, Vivo, VirtualBox, and other devices.
This year’s edition took place over the weekend on October 16 and 17, where the Kunlun Lab team, whose CEO is a former CTO of Qihoo 360, hacked the iPhone 13 Pro operating on a fully patched version of iOS 15.0.2 in record time. The iPhone 13 Pro was hacked live on stage using a remote code execution exploit of the mobile Safari web browser.
However, Kunlun Lab wasn't the only team to hack the iPhone 13 Pro. Team Pangu, which has a history of Apple device jailbreaking, also hacked a fully patched iPhone 13 Pro running iOS 15, but took a few extra minutes.
The other targets included Google Chrome operating on Windows 10 21H1, Adobe PDF Reader, Docker CE, Ubuntu 20/CentOS 8, Microsoft Exchange Server 2019, Windows 10, VMware Workstation, VMware ESXi, Parallels Desktop, Apple Safari running on Macbook Pro, iPhone 13 Pro running iOS 15, domestic mobile phones running Android, QEMU VM, Synology DS220j DiskStation, and ASUS RT-AX56U router.
The hacking contest saw three independent and parallel competitions. The competitions included PC, mobile, and server, and eight categories: Virtualization Software, Operating System Software, Browser Software, Office Software, Mobile Intelligent Devices, Web Services, and Applications Software, DNS Services Software, and Common Management Services Software.
The hacking competition also included a separate trade show and cybersecurity conference, which this year was presented by Qi Xiangdong, chairman of security firm QiAnXin, and also included sections dedicated to smart vehicle security, IoT security, artificial intelligence security, and smart city security.