Windows 10, iOS, Chrome, and many others fall at China's top hacking contest

Winning hacker team pockets $744,500 at the Tianfu Cup, China's top hacking contest.

tianfu-cup-winners.jpg

Tianfu Cup winners: The 360 Government and Enterprise Security Vulnerability Research Institute

Image: Tianfu Cup

Many of today's top software programs have been hacked using new and never-before-seen exploits at this year's edition of the Tianfu Cup — China's largest and most prestigious hacking competition.

ZDNet Recommends

Best security keys in 2020: Hardware-based two-factor authentication for online protection

While robust passwords go a long way to securing your valuable online accounts, hardware-based two-factor authentication takes that security to the next level.

Read More

Held in the city of Chengdu, in central China, the third edition of the Tianfu Cup ended earlier today.

"Many mature and hard targets have been pwned on this year's contest," organizers said today. Successful exploits were confirmed against:

  • iOS 14 running on an iPhone 11 Pro
  • Samsung Galaxy S20
  • Windows 10 v2004 (April 2020 edition)
  • Ubuntu
  • Chrome
  • Safari
  • Firefox
  • Adobe PDF Reader
  • Docker (Community Edition)
  • VMWare EXSi (hypervisor)
  • QEMU (emulator & virtualizer)
  • TP-Link and ASUS router firmware
tianfu-cup-results.jpg

Image: Tianfu Cup
tianfu-cup-products.jpg

Image: Tianfu Cup

Fifteen teams of Chinese hackers participated in this year's edition. Contestants had three tries of five minutes each to hack into a selected target with an original exploit.

For each successful attack, researchers received monetary rewards that varied depending on the target they chose and the vulnerability type.

All exploits were reported to the software providers, per contest regulations, modeled after the rules of the more established Pwn2Own hacking competition that has been taking place in the west since the late 2000s.

Patches for all the bugs demonstrated over the weekend will be provided in the coming days and weeks, as it usually happens after every TianfuCup and Pwn2Own contest.

Just like last year, the winning team came from Chinese tech giant Qihoo 360. Named the "360 Enterprise Security and Government and (ESG) Vulnerability Research Institute," the winners accounted for almost two-thirds of the entire prize pool, going home with $744,500 of the total $1,210,000 awarded this year.

Ranking second and third were the AntFinancial Lightyear Security Lab and security researcher Pang.

tianfu-cup-rankings.jpg

Image: Tianfu Cup