Hacking contest to pay $10,000 in cash for smartphone bugs
- — 26 February, 2009 08:21
A hacking contest slated for next month will award cash prizes of $10,000 to anyone who can break into the most popular smartphones, including Apple's iPhone and Research in Motion's BlackBerry.
The PWN2OWN contest, which will kick off March 18 at the CanSecWest security conference in Vancouver, British Columbia, will offer a dual-track hacking challenge for the first time, said Terri Forslof, security response manager at 3Com's TippingPoint, the contest sponsor.
PWN2OWN has made headlines in its two previous years for hacks of Apple's Mac OS X and Microsoft's Windows. But this year, the content will focus on mobile devices and Web browsers, said Forslof.
"Mobile is a new frontier of sorts," said Forslof. "We've seen mobile exploits in the past, but we still don't see a lot of focus in that area. More and more, people are taking computing on the go and rely on these devices for e-mail and accessing the Web. So it seemed prudent to have a look at them, and the contest is a good forum for that."
The contest will pit hackers against five smartphone operating systems, including Windows Mobile, Google Inc.'s Android, Symbian, and the OSes used by the iPhone and BlackBerry. The first to break into any of the five smartphones gets to keep that device with a one-year service contract, but each successful exploit pays out $10,000. TippingPoint, which operates the Zero Day Initiative (ZDI) bug-bounty program, and purchases the rights to the vulnerabilities and exploit code used during the contest, has not capped the number of bugs it will buy.
"We're not going to limit it this year," Forslof said. "In the first year, we had a one bug-one winner kind of contest. Last year it was sort of similar, although we offered three prizes."
PWN2OWN's second track will feature a battle between hackers and browsers on Windows and Mac OS X. Attacks against Internet Explorer 8 (IE8), which recently reached "release candidate" status, Firefox and Chrome will play out on a Sony Vaio laptop running Windows 7, while a MacBook will host Safari and Firefox on Apple's operating system.
TippingPoint will award cash prizes of US$5,000 for each browser bug successfully exploited, and give the targeted laptop to the first hacker who breaks into any of the browsers.