Google plots Pwnium 3 Chrome hacking contest, with $3.14 million on the line

Status
Not open for further replies.

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
Info Security said:
In a move with perfect timing considering the number of Chromebooks that Google sold over the holidays (hint: a lot), the company has announced its third Pwnium hacking competition, which will have a new focus: the Chrome OS. In all, the browsing behemoth plans to award up to $3.14 million in winnings to those who can produce full exploits.

The attack must be demonstrated against a base (Wi-Fi) model of the Samsung Series 5 550 Chromebook, running the latest stable version of Chrome OS. Any installed software may be used to attempt the attack. Google is also accepting exploits found via a virtual machine.

The Google Chrome browser, meanwhile, is already featured in HP’s Zero Day Initiative (ZDI)’s Pwn2Own competition this year, which is partially underwritten by Google. Both competitions will be held at the CanSecWest security conference taking place March 6–8 in Vancouver.

“Security is one of the core tenets of Chrome, but no software is perfect, and security bugs slip through even the best development and review processes,” the company said in a blog. “That’s why we’ve continued to engage with the security research community to help us find and fix vulnerabilities.”

For Pwnium 3, Google is offering $110,000 for a browser or system level compromise in guest mode or as a logged-in user, delivered via a web page, and $150,000 for a compromise with device persistence (guest to guest with interim reboot), delivered via a web page. Previously it was awarding $60,000 per exploit, up to $2 million.

Winners must deliver a full exploit plus accompanying explanation and breakdown of individual bugs used. Exploits should be served from a password-authenticated and HTTPS-supported Google property, such as Google App Engine.

Google said that the increased moolah is an acknowledgment of the difficulty of the task: “We believe these larger rewards reflect the additional challenge involved with tackling the security defenses of Chrome OS, compared to traditional operating systems,” it said.

Read more: http://www.infosecurity-magazine.com/view/30463/google-plots-pwnium-3-chrome-hacking-contest-with-314-million-on-the-line/
 

McLovin

Level 76
Verified
Honorary Member
Malware Hunter
Apr 17, 2011
9,222
This is good and bad, gets the community involved but also gives people an idea on how the Chrome OS is built.

If I had the skills to do this I would give it ago, but unfortunately I don't. :-/
 

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
McLovin said:
This is good and bad, gets the community involved but also gives people an idea on how the Chrome OS is built.
Don't think that a just one persone (aka. a hacker), will manage to find a vulnerability....if it were to be exploited, than most likely a company like VUPEN could find a some kind of exploit.Slim chances though, I'm sure google checked their OS code several times, and I don't think anyone will be able to find an exploit with it's operatying system... maybe, within a third party compontent.....
Anyway it will be interesting to watch this!
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top