Tesla, Firefox, Safari, Edge browsers suffer defeat and are hacked at Pwn2Own 2019

Pwn2Own is an event in which hackers from all over the world come together and engage in a hacking competition. Major companies such as Apple, Microsoft and Google all bring their products to the event to see if they can be hacked. Successful hackers go home with cash prizes, among other incentives. This kind of competition is important because it helps companies learn about the loopholes in their products and make them better and more secure.

This year’s event is dubbed Pwn2Own 2019 and it was held in Vancouver, Canada. It was sponsored by tech giants such as Microsoft, VMware, and Tesla. This is the first time the contest has included an automotive category.

Many tech products, such as software and operating systems, were hacked successfully at the event. There’s prize money to be won for each successful hack.

Safari Browser

One would think that a product from Apple would be secure and unhackable. Apparently not! The renowned Fluoroacetate team (the duo of Amat Cama and Richard Zhu) were able to hack the Safari browser by bypassing the sandbox feature using an integer overflow and a heap overflow. This successful hack earned them a whopping $55,000. Another team, known as the phoenhex & qwerty team, took down Safari with the help of kernel elevation. Apple already knew of the bug, so it was considered a partial win. Nonetheless, they went home smiling with $45,000.

Mozilla Firefox

Of course, the browser was successfully hacked. The same Fluoroacetate team who hacked the Safari browser also hacked Mozilla Firefox. This they did by exploiting a JIT bug, followed by an out-of-bounds write in the Windows kernel. They won $50,000 for their effort. Another hacker, Niklas Baumstark, also hacked the Firefox browser. He also used a JIT bug and a logic bug to fool the sandbox. He smiled to the bank with $40,000.

The Microsoft Edge browser and Tesla were not spared by the rampaging hackers at all. The same Fluoroacetate team opened Edge via a VMware workstation and used an exploit to take down the underlying Windows host. They won $130,000 and, as if that was not enough, they also hacked a Tesla Model 3 by exploiting a JIT bug. They won $35,000 and the Model 3 which they hacked.

All the companies whose products were hacked will be provided with full details to enable them to fix the bugs. After 90 days the details of the bugs will be made public.

