China’s hacking competition finds loopholes in Chrome, Android, iOS 14, Windows, and more
The 2020 edition of China’s Tianfu Cup saw youngsters using new exploits to hack into the world’s popular software platforms/services.
Tianfu Cup is a prestigious annual hackathon held in China. Each year, youngsters compete to find new and unique ways to hack into popular software and platforms. This year has been no different as young hackers discovered exploits in iOS 14, Windows 10, Chrome, Safari, and Adobe PDF Reader, among others.
According to ZDNet, 15 teams participated in the third edition of China's Tianfu Cup. Competing teams were given three attempts of five minutes each to hack into a selected target using an original exploit. Note that all successful exploits are relayed to the software providers, which are likely to issue patches and updates in the coming days.
The 360 ESG Vulnerability Research Institute was named the champion. The team received $750,000 in prize money. The team had won the competition last year as well. AntFinancial Lightyear Security Lab and security researcher Pang bagged the second and third spots, respectively.
"TFC 2020 has come to the end, all these excellent offensive researchers and their burning 0days makes #TFC 2020 a success! Thank you all for participating and following!🥳🥳🥳" (TianfuCup, @TianfuCup, November 8, 2020)
China's Tianfu Cup team successfully hacked into the following systems:
iOS 14 (on iPhone 11 Pro Max)
Android (on Samsung Galaxy S20)
Adobe PDF Reader
Windows 10 2004
Responding to China's Tianfu Cup, former chief security officer at Facebook and computer scientist Alex Stamos called for a national strategy to create something equivalent for cybersecurity research.
"While good people at NSA/CYBERCOM and CISA are certainly paying attention, the lack of a national strategy that takes into account the reality of our situation is glaring. We've lost four years while the PRC has built an incredible (and paradoxically capitalist) ecosystem." (Alex Stamos, @alexstamos, November 8, 2020)
“This and similar contests contain hard lessons about the bug density of critical US software and the effectiveness of the PRC's effort to create a homegrown public-private offensive capability. These lessons need to be deeply considered by the reconstituted Biden NSC cyber team,” he said in a tweet.
“In pithier terms: Chinese researchers are burning full-patched iOS 0-day for $180k while our Supreme Court is considering whether security research should remain legal in the US,” he said in another tweet.