
    Trend Micro Offers $250K to Hack iPhone in Pwn2Own Contest

    By SEAN MICHAEL KERNER - September 12, 2016

      The mobile Pwn2Own hacking contest is back for 2016, this time offering a top prize of $250,000 to any security researcher who forces an Apple iPhone to unlock.

      The Pwn2Own contest has undergone a bit of a transition as Hewlett Packard Enterprise sold the Zero Day Initiative (ZDI) group that sponsors the event to Trend Micro earlier this year. The browser edition of the Pwn2Own event was held in March and was jointly sponsored by HPE and Trend Micro. The mobile Pwn2Own 2016 contest being held next month will be the first time a Pwn2Own event doesn’t benefit from HPE sponsorship.

      “To us, it’s still Pwn2Own,” Brian Gorenc, senior manager of vulnerability research at Trend Micro, told eWEEK. “We always hope each contest brings us something new we haven’t seen before, but if you’ve seen the contest, it should look very familiar.”

      During the 2016 Pwn2Own browser event, which was held at the CanSecWest conference in Vancouver, ZDI awarded a total of $460,000 in prize money to researchers for publicly demonstrating new zero-day exploits in web browsers.

      The mobile Pwn2Own event will be held Oct. 26-27 at the PacSec Security Conference in Tokyo, and the total available prize pool is set to top $500,000. For the 2016 mobile event, ZDI is asking researchers to target three specific mobile devices: the Apple iPhone 6x, the Google Nexus 6p and the Samsung Galaxy Note7.

      Across all of the targeted devices, ZDI is tasking researchers with a number of challenges. The first is to obtain sensitive information from a device. ZDI is awarding $50,000 to those who exploit a device to get access to sensitive information on the iPhone or the Google Nexus. A researcher who is able to get sensitive information off a Galaxy will be awarded $35,000.

      Another challenge at mobile Pwn2Own 2016 is to install a rogue application on a targeted device. A $125,000 prize will be awarded for the installation of a rogue app on the iPhone; on the Google Nexus, the reward is $100,000; and on the Samsung Galaxy, $60,000.

      “Each phone will be running the latest operating system available at the time of the contest, and all available patches will also be applied,” Gorenc said. “This can lead to some late nights as ZDI researchers update phones in the days leading up to the contest, but we feel it’s best to have the latest and greatest targeted.”

      Gorenc said all of the targeted devices will be in their default configuration. On iOS, that means Pwn2Own contestants must target Safari, as this is the default browser and the most common, realistic scenario for users of that device. In the past, Pwn2Own contestants have demonstrated many vulnerabilities related to the WebKit browser rendering engine. WebKit is the core rendering engine behind Safari and has many components that are also used in Google’s Chrome.

      “The threat landscape shifts so much from contest to contest that it’s hard to predict what component will be targeted,” he said. “WebKit will likely make an appearance, but we’re hoping to see some new techniques and research as well.”

      For the installation of the rogue application, Gorenc said that ZDI has no requirements for the app. “We will leave it up to the contestant to express their creativity during the public demonstration,” he said.

      iPhone Unlock

      The biggest single prize at the mobile Pwn2Own 2016 event goes to the researcher who is able to successfully force an iPhone to unlock. The challenge of unlocking an iPhone has been a hot topic in recent months. The FBI reportedly paid as much as $1.3 million to bypass the iPhone lock screen. And Apple started its own bug bounty program, with a $200,000 prize, while security firm Exodus Intelligence will pay a top prize of $500,000 for an iOS zero-day flaw.

      Gorenc believes offering $250,000 for an iPhone unlock exploit is a good-size prize.

      “We feel this amount is not a bad payday for what will clearly be a significant amount of research needed to accomplish this hack,” he said. “Along with the money, the researcher will get the recognition that comes with winning Pwn2Own.”

      In the end, Gorenc said, it’s the marketplace that will let ZDI know if $250,000 is a fair price; he’s optimistic that someone will actually attempt to publicly force an iPhone to unlock.

      “Finally, by reporting this through ZDI, the bugs will actually get fixed by the vendor,” Gorenc said. “That’s better than some of the alternatives.”

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
