Chrome, Edge, Safari hacked at elite Chinese hacking contest

tianfu-cup-results.jpg
Image: Tianfu Cup

China’s top hackers have gathered this weekend in the city of Chengdu to compete in the Tianfu Cup, the country’s top hacking competition.

Over the course of two days — November 16 and 17 — Chinese security researchers will test zero-days against some of the world’s most popular applications.

The goal is to exploit and take over an app using never-before-seen vulnerabilities. If attacks succeed, researchers earn points towards an overall classification, cash prizes, but also the reputation that comes with winning a reputable hacking competition.

The Tianfu Cup’s rules are identical to what we see at Pwn2Own, the world’s largest hacking contest. The two events are more tied than most people know.

Prior to 2018, Chinese security researchers dominated Pwn2Own, with different teams winning the competition years in a row. Now, all that talent is going against one another.

In the spring of 2018, the Chinese government barred security researchers from participating in hacking contests organized abroad, such as Pwn2Own. The TianfuCup was set up a few months later, as a response to the ban, and as a way for local researchers to keep their skills sharp. The first edition was held in the fall of 2018 to great success, with researchers successfully hacking apps like Edge, Chrome, Safari, iOS, Xiaomi, Vivo, VirtualBox, and more.

Day 1 victims: Chrome, Edge, Safari, Office 365

The competition’s first day was its busiest, with 32 hacking sessions scheduled on Saturday. Of these, 13 were successful, seven hacking sessions failed, and in 12 sessions security researchers abandoned exploitation attempts, for various reasons.

Of the successful sessions, Tianfu Cup organizers reported successful hacks of:

  • (3 successful exploits) Microsoft Edge (the old version based on the EdgeHTML engine, not the new Chromium version) [tweet]
  • (2) Chrome hacks [tweet]
  • (1) Safari [tweet]
  • (1) Office 365 [tweet, tweet]
  • (2) Adobe PDF Reader [tweet]
  • (3) D-Link DIR-878 router [tweet]
  • (1) qemu-kvm + Ubuntu [tweet, tweet]

After the first day, Team 360Vulcan, a former Pwn2Own winner, is in the lead.

In the past, many software vendors have begun to attend hacking competitions, where they send representatives to pick up vulnerability reports minutes after a hacking session ends — with some vendors shipping patches within hours.

There were few vendors at Tianfu Cup; however, with many high-profile successful exploits being recorded in the competition’s first two editions, many companies will most likely begin considering sending a representative next year. Google had members of the Chrome security team on site. A Microsoft spokesperson acknowledged our email, but could not reply before this article’s publication.

A competition spokesperson told ZDNet today that organizers plan to report all bugs discovered today to all respective vendors at the competition’s end.

Day 2: TBD

At the time of writing, day two of the Tianfu Cup has not yet started. We will update this piece with Day 2’s results, when available.

Sixteen exploitation attempts have been announced for Day 2, such as Ubuntu, Windows Server, VMWare Workstation, and iPhone 11 [see image at the top of the article].

About the author

E-Crypto News was developed to assist all cryptocurrency investors in developing profitable cryptocurrency portfolios through the provision of timely and much-needed information. Investments in cryptocurrency require a level of detail, sensitivity, and accuracy that isn’t required in any other market and as such, we’ve developed our databases to help fill in information gaps.

Related Posts

E-Crypto News Executive Interviews



bitcoin
Bitcoin (BTC) $ 65,970.00
ethereum
Ethereum (ETH) $ 4,342.74
binance-coin
Binance Coin (BNB) $ 494.70
cardano
Cardano (ADA) $ 2.29
tether
Tether (USDT) $ 1.00
solana
Solana (SOL) $ 192.27
xrp
XRP (XRP) $ 1.16
polkadot
Polkadot (DOT) $ 44.82
dogecoin
Dogecoin (DOGE) $ 0.256982
usd-coin
USD Coin (USDC) $ 1.00
USD
EUR
GBP
bitcoinBitcoin (BTC)
$ 65,970.00
ethereumEthereum (ETH)
$ 4,342.74
tetherTether (USDT)
$ 1.00
bitcoin-cashBitcoin Cash (BCH)
$ 653.13
litecoinLitecoin (LTC)
$ 210.20
bitcoinBitcoin (BTC)
56.620,40
ethereumEthereum (ETH)
3.727,27
tetherTether (USDT)
0,858275
bitcoin-cashBitcoin Cash (BCH)
560,57
litecoinLitecoin (LTC)
180,41
bitcoinBitcoin (BTC)
47,872.78
ethereumEthereum (ETH)
3,151.42
tetherTether (USDT)
0.725675
bitcoin-cashBitcoin Cash (BCH)
473.96
litecoinLitecoin (LTC)
152.54

Automated trading with HaasBot Crypto Trading Bots

Crypto Scams

Behind The Scenes: How this Crypto Community Responded to + $50m Hack
October 18, 2021
Crypto Scams
Crypto Scams Still Persistent In 2021, SEC Warns About Red Flags To Watch
September 9, 2021
Poly Network
Here’s How Hackers Stole Over $600 million in the Poly Network Attack
August 12, 2021
The World’s Most Infamous Crypto Hacks and Scams
July 31, 2021
Cryptocurrency Exchanges
Cryptocurrency Exchanges and the Plague of Scams and Bans
June 29, 2021

Blockchain/Cryptocurrency Questions and Answers

ICo Presale
The Science Behind ICO Presales…
October 14, 2021
Beginner’s Guide to Investing in Cryptocurrency
August 9, 2021
Short-Sell Cryptocurrency
How to Short-Sell Cryptocurrency: A Brief Overview
July 17, 2021
Klaytn
What Is Klaytn (KLAY) And How Does It Work?
July 16, 2021
Cryptocurrencies
Our Crypto Roundup Interview Asks- Do Cryptocurrencies Have a Future?
July 15, 2021


CryptoCurrencyUSDChange 1hChange 24hChange 7d
Bitcoin65,217 1.56 % 2.11 % 13.44 %
Ethereum4,308.4 0.18 % 11.36 % 19.49 %
Binance Coin494.23 0.33 % 1.66 % 5.25 %
Cardano2.270 0.94 % 5.66 % 3.57 %
Tether0.9986 0.03 % 0.08 % 0.23 %
Solana191.27 0.08 % 20.36 % 28.89 %
XRP1.150 0.18 % 4.33 % 2.33 %
Polkadot30.87 2.19 % 17.29 % 10.73 %
Dogecoin0.2557 0.11 % 4.83 % 9.86 %
USD Coin1.000 0.14 % 0.20 % 0.17 %

bitcoin
Bitcoin (BTC) $ 65,970.00
ethereum
Ethereum (ETH) $ 4,342.74
binance-coin
Binance Coin (BNB) $ 494.70
cardano
Cardano (ADA) $ 2.29
tether
Tether (USDT) $ 1.00
solana
Solana (SOL) $ 192.27
xrp
XRP (XRP) $ 1.16
polkadot
Polkadot (DOT) $ 44.82
dogecoin
Dogecoin (DOGE) $ 0.256982
usd-coin
USD Coin (USDC) $ 1.00