The annual PWN2OWN exploit contest at the CanSecWest conference in Vancouver, British Columbia, Canada, brings together some of the top security talent from across the globe in a friendly competition. For the participants, these events are a platform to demonstrate world-class skills and vie for significant cash prizes.
Pwn2Own is a computer hacking contest held annually at the CanSecWest security conference, which started in 2007. Contestants are challenged to exploit widely used software and mobile devices with previously unknown vulnerabilities. Winners of the contest receive the device that they exploited, a cash prize and a “Masters” jacket celebrating the year of their win. The name “Pwn2Own” is derived from the fact that contestants must “pwn” or hack the device in order to “own” or win it.
The conference has a huge influence on the security market, since the pwned software needs to be patched after the discovery in order to close the holes. All browsers and operating systems will be the latest versions with all applicable security patches applied, which is a requirement in order to win a prize.
Partnership with Microsoft
Pwn2Own is sponsored by Trend Micro/ZDI and, new this year, by another main sponsor, VMware. Microsoft regularly leverages input from the community using programs such as bug bounties and the BlueHat prize in a relentless pursuit to improve the security of its products and expand its understanding of the latest threats.
That Microsoft can benefit from this cooperation has already been proven by the following changes:
- Windows Defender Application Guard, which uses virtualization security to protect against kernel-based sandbox attacks
- Control Flow Guard (CFG) and Microsoft Edge's JIT and code integrity protection, which mitigate many of the common techniques leveraged in past competitions
- Microsoft Edge's improved sandbox, which reduces the previous attack surface by 90%
These changes were influenced by offensive security research and show the effectiveness of such a partnership.
5 Targets 2018
Pwn2Own targets 5 categories this year.
- Web browsers
- Enterprise applications
- Windows Insider Preview Challenge
A quick summary of all prizes and winners can be found here.
I think a lot more people should be involved in such security events; sadly, it’s all about the cash, and some companies simply can’t afford a lot of money in order to attract some hackers, which is really a problem.
Pwn2Own often gets into the media because of the vulnerabilities which were found during the conference, and I like that the security focus is presented in a way which is more or less easily understandable for the masses. As a result of such findings we’re getting security or bugfix updates, which is a good thing because bad people might be watching these events and trying to abuse them immediately. The product gets more secure, the hacker gets the cash and everyone can benefit from it.