Inside Science
/
Article

BRIEF: 10 Years of Pwnage

MAR 15, 2017
Celebrating its tenth anniversary this March, hacking competition Pwn2Own has uncovered numerous vulnerabilities in everyday computer programs.
BRIEF: 10 Years of Pwnage  lead image

The “Master of Pwn” robe awarded to the overall winner during the 2016 Pwn2Own competition.

Image courtesy of Zero Day Initiative.

(Inside Science) -- Pwn2Own is an annual computer hacking competition held during the CanSecWest security conference. This year’s competition, which takes place March 15 - 17 in Vancouver, Canada, will mark its tenth anniversary.

“Started in 2007, the original challenge was just to ‘pwn,’ or compromise, a mac laptop. And if you pwn it, you get to own it too,” said Dustin Childs from Zero Day Initiative, the organizer of the event.

The competition has grown significantly since then, with this year’s prize money totaling more than $1 million. This year’s competition will be divided into five categories , each with its own list of contests. For example, in the web browser category, the contestants will try to hack into a computer through its browser. Contestants develop websites that can break out of the browser’s “sandbox,” a security mechanisms designed to separate programs, and gain access to the rest of the operating system. The prize for a successful attempt to do so via Google Chrome is $80,000.

“They will essentially have thirty minutes, and they’ll have three tries within that thirty minutes, but most of the work is done well before the conference,” said Childs. “It usually takes between a hundred and two hundred hours of research to put together a full exploit, but then once they actually get to the contest, it will only take them thirty seconds to run it.”

During last year’s event, 21 vulnerabilities were discovered by the competitors in the browsers category alone, which included Google Chrome, Microsoft Edge, and Apple Safari . The exploits were then disclosed to the developers to help patch the software.

More Science News
FYI
/
Article
Office of Management and Budget Director Russell Vought defended a sprawling proposed rule that has drawn tens of thousands of public comments over the past month.
APS
/
Article
The synchronization of two quantum oscillators reveals a collective rhythm encoded solely in their correlations.
FYI
/
Article
Committee Democrats argued the hearing was a distraction and an excuse to slash spending.
AAS
/
Article
The galaxy seems to be full of free-range Neptunes, but a closer look reveals some complicated family dynamics in planetary systems.
/
Article
By tweaking a standard microscale gyroscope, researchers were able to significantly amplify the signals used to measure rotation.
/
Article
When rubber-soled shoes skid on a hardwood floor, slip pulses travel between the two surfaces at high speeds to produce the familiar sound.
/
Article
/
Article
Nuclear winter, climate change, bioterrorism, AI. Those and other threats are growing in potential impact. What can we do?
/
Article
The specialized devices are democratizing access to cosmic-ray experiments.