In the Tianfu Cup hacking competition that took place in the city of Chengdu in China last weekend, Chinese security researchers won nearly 1, 88 million bucks. He has been particularly prolific with successful feats against various targets.
For China, the Tianfu Cup was modeled on the Pwn2Own hacking competition, and while the Beijing government banned Chinese security researchers from participating in international hacking contests.
Taking into account of possible developments since the initial announcement, the targets were announced last July as above. Almost all of them have been “pwned” on several occasions. The exceptions are a Synology DS NAS 100 j, a Xiaomi Mi smartphone 07 and a Chinese electric vehicle where there were no registered participants.
Big exploits for the iPhone 13 Pro
Participants had a few months to prepare their new exploits, before performing them on the devices provided by the organizers of the competition, which was won by the team of the Chinese security company Kunlun Lab. She pocketed nearly a third of the total amount of the winnings distributed.
Hackers had three 5-minute attempts to perform exploits, and with the option to register to hack multiple devices. The Record reports that the Kunlun Lab team’s victorious hunt board – with mostly elevation of privilege and remote execution vulnerabilities – includes two notable exploits.
The first is a chain of attack by remote code execution without interaction against an iPhone 13 Pro equipped with iOS 15. 0.2. The attack involved the Safari browser and was performed on stage in just 13 seconds. The second is a two-step – two bug – remote code execution string against the Google Chrome browser and to gain kernel mode privilege on Windows.
The Pangu team finished second in the hacking contest and with the biggest bonus won by demonstrating a jailbreak at remote for iPhone 11 Pro running the latest version of iOS 15.
Some fixes are in the offing …