BRIEF: 10 Years of Pwnage
The “Master of Pwn” robe awarded to the overall winner during the 2016 Pwn2Own competition.
Image courtesy of Zero Day Initiative.
(Inside Science) -- Pwn2Own is an annual computer hacking competition held during the CanSecWest security conference. This year’s competition, which takes place March 15 - 17 in Vancouver, Canada, will mark its tenth anniversary.
“Started in 2007, the original challenge was just to ‘pwn,’ or compromise, a mac laptop. And if you pwn it, you get to own it too,” said Dustin Childs from Zero Day Initiative, the organizer of the event.
The competition has grown significantly since then, with this year’s prize money totaling more than $1 million. This year’s competition will be divided into five categories , each with its own list of contests. For example, in the web browser category, the contestants will try to hack into a computer through its browser. Contestants develop websites that can break out of the browser’s “sandbox,” a security mechanisms designed to separate programs, and gain access to the rest of the operating system. The prize for a successful attempt to do so via Google Chrome is $80,000.
“They will essentially have thirty minutes, and they’ll have three tries within that thirty minutes, but most of the work is done well before the conference,” said Childs. “It usually takes between a hundred and two hundred hours of research to put together a full exploit, but then once they actually get to the contest, it will only take them thirty seconds to run it.”
During last year’s event, 21 vulnerabilities were discovered by the competitors in the browsers category alone, which included Google Chrome, Microsoft Edge, and Apple Safari . The exploits were then disclosed to the developers to help patch the software.
