Hackers offered Big Payout to Poison Web Browsers

Dennis Faas's picture

Elite hackers and ethical computer security enthusiasts are preparing themselves for the Pwn2Own competition, which challenges participants to break through security of popular software programs (such as web browsers).

Once software is breached, it is referred to as an "exploit", in which hackers are then able to gain access to other areas of the computer's operating system without restrictions. It's these types of attacks which occur on web sites frequently, where visitors become instantly infected just by visiting a malicious website containing an unknown exploit (also referred to as a "zero day" attack).

Normally, anyone who successfully pulls off an attack at the Pwn2Own contest -- which must be carried out on the latest official release of the browser on a machine running a fully patched version of either Windows 7 or Mac OS X -- wins a $15,000 prize from the organizers.

Google Offers $20,000 Prize for Exploiting Chrome

This year, there's a special prize for breaching the Chrome browser. On the first day of the event, contestants can only exploit vulnerabilities that involve 100 per cent Google programming code, rather than third-party adaptations. If they do so, they'll get a $20,000 prize that's paid for entirely by Google.

On the remaining two days, Chrome is under the same rules as other browsers, meaning any successful attack method is valid. A winner here will still get the higher $20,000 prize, but only half of this will be funded by Google. (Source: tippingpoint.com)

Sandboxing: An Effective Deterrent

It will be intriguing to see how many hackers are tempted by the extra $5,000 offer.

In the past, some of the people who've successfully attacked browsers such as Internet Explorer have said it's simply not worth the effort attacking Chrome because of its unique sandbox design.

In computing terms, a "sandbox" is a space in memory which is set aside and completely separate of the operating system. Sandboxing is effective in preventing rogue programs access to any other part of the browser or operating system so that it cannot be exploited. (Source: eweek.com)

Prize Money Meant to Keep Hackers Quiet

Under the rules of the contest, if anyone pulls off a successful attack they must hand over the details of the method: the prize money is considered payment for the intellectual property rights. The organizers then inform the browser manufacturer and do not publish them until a fix is available.

Pwn2Own takes place in Vancouver, Canada next month at the CanSecWest conference. Contestants can opt to attack Chrome, Firefox, Internet Explorer or Safari. They'll get a maximum of half an hour to carry out the attack. Hackers can also opt to target mobile devices running Apple's iOS, the Blackberry system, Google's Android and Microsoft's Windows Phone 7.

Rate this article: 
No votes yet