Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Pwn2Own 2018 Expands Targets and Raises Prize Pool to $2M

    Written by

    Sean Michael Kerner
    Published February 2, 2018
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      The annual Pwn2own hacking competition run by Trend Micro’s Zero Day Initiative (ZDI) is set to return for 2018, along with a longer list of targets and more money for security researchers, than ever before.

      Pwn2own is a security researcher contest that typically has two events a year, with the primary event focused on browser and server technologies and a second event just for mobile technologies. The first event of 2018 is set for March 14-16 and will have five targets: virtualization, web browsers, enterprise applications, servers and a new Windows Insider Preview Challenge category.

      At Pwn2Own, researchers attempt to demonstrate previously undisclosed zero-day vulnerabilities in software, with successful attempts being rewarded with cash prizes. For the 2018 event, ZDI has a total prize pool of $2 million.

      At the Pwn2Own 2017 event a total of 51 zero-day vulnerabilities were disclosed by security researchers, including flaws in VMware, Microsoft, Adobe, Apple and Ubuntu Linux technologies. In total, ZDI awarded researchers $823,000 in prize money for their efforts. 

      The 2017 event was the first in which Linux technologies were specifically targeted and they’ll be back on the list for 2018. Among the 2018 targets is the open-source Apache web server running on an Ubuntu 17.10 Linux distribution. Apache is joined this year for the first time with the open-source Nginx web server as well. A successful exploit of either Apache or Nginx will yield a $100,000 award.

      VMware was also a new target at the 2017 event and will be returning in 2018. VMware won’t be the only virtualization target though. Oracle’s VirtualBox technology and Microsoft’s Hyper-V client is also on the target list this time. ZDI is offering a $35,000 prize for a successful exploit of VirtualBox. For those that are able to exploit VMware Workstation, the award rises to $70,000. The top prize for a virtualization exploit will be awarded for a Microsoft Hyper-V client attack will be worth $150,000.

      VirtualBox and Nginx have been added to the target list because ZDI is interested in learning what bugs might be lurking on on those platforms, Dustin Childs, communications manager for ZDI, told eWEEK. In addition to the Pwn2Own event, ZDI operates a year-round program in which it buys security vulnerabilities from researchers.

      “We’ve seen other VirtualBox bugs submitted to the program and want to see what types of research is being done on these products,” Childs said. 

      Sponsorships for 2018 Pwn2own

      Trend Micro is not footing the bill for all the awards this year as VMware and Microsoft are co-sponsoring the event.

      “As a sponsor, VMware is subsidizing awards,” Childs said. “As a partner, Microsoft is subsidizing awards and offering their own bounty as part of the prize package too.”

      Part of Microsoft’s participation in the Pwn2own 2018 event is a new program called the Windows Insider Preview Challenge. In that challenge, security researchers will take aim at pre-release Microsoft software. Microsoft will award researchers up to $250,000 for a successful exploit of the Windows Defend Application Guard for Edge, while a successful remote code execution exploit of the Windows SMB (Server Message Block) protocol will earn up to $100,000.

      “The pre-release software is available through the Windows Insider program,” Childs said. “The Redstone 4 (RS4) of Windows 10 will be used.”

      Browsers targets

      The core of Pwn2own has long been the competition’s focus on web browers and 2018 will not be an exception with Google Chrome, Microsoft Edge, Apple Safari and Mozilla Firefox all on the target list.

      The Apple Safari target also includes the macOS operating system. ZDI will award a researcher $55,000 for a successful exploit that enables a sandbox escape from the browser. Modern web browsers all have some form of sandboxing technology that is intended to secure processes within the browser and not enable attacks across a system. Once on a system and out of the sandbox, ZDI will award a $65,000 prize for a successful macOS privilege escalation attack that enables a research to execute code on the system.

      The Pwn2own 2018 event is set to run March 14-16 at the CanSecWest 2018  conference held in Vancouver, Canada.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and writer for several leading IT business web sites.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×