Войти

Chinese hackers successfully hacked the latest versions of Windows, Ubuntu, iOS and Android

2982
1
0
Image source: naked-science.ru

China hosted the largest national hackathon Tianfu Cup-a competition between teams of experts on attacks on information infrastructure. Using previously unknown vulnerabilities, participants were able to hack almost all the most modern software products.

The winner of the contest received $ 744,500 for successful attacks on Google Chrome and Mozilla Firefox browsers, as well as hacking the iOS operating systems (OS) running the iPhone 11 Pro, and Microsoft Windows 10 2004 running on the Surface Pro 5 tablet. The team has the long name 360 Enterprise Security and Government and (ESG) Vulnerability Research Institute. Its members work for a Chinese company specializing in Internet security, Qihoo 360. In total, this team took two-thirds of the total prize Fund, which was $ 1.2 million.

Qihoo 360 employees were also able to hack the enterprise virtualization software VMWare EXSi, the PDF document viewer Adobe Reader (two successful attacks), the Samsung Galaxy S20 smartphone running Android 10, the QEMU emulation software environment,and the Ubuntu 20 OS. In addition, they easily seized control of the TP-Link wdr7660 router.

Other participants also distinguished themselves — Safari browser, Docker enterprise software management system, and ASUS AX86U router "fell" under their onslaught. In addition, not only specialists from Qihoo 360 successfully coped with the hacking of the above SOFTWARE. Most targets were attacked more than once.

Table of achieved goals

Image source: Tianfu Cup

For example, the iPhone 11 was hacked in two ways, just like the Galaxy S20. And the PDF document viewer from Adobe "distinguished itself" at all — five successful attacks were made on it. A comparable number of new vulnerabilities were found only in the TP-Link router: four.

It is noteworthy that the hackathon organizers chose several more goals as the competition's disciplines, but the participants ignored some of them. The Microsoft Edge browser, the VMware Workstation custom package, and the Exchange Server 2019 system could bring teams another $ 380,000. But for some reason, they didn't waste their energy on them. Perhaps these software products are not of great interest to cybercriminals, or maybe there is simply no time left for them in the competition.

In total, 11 of the 16 goals were achieved, and the most common applications and operating systems were successfully attacked. It goes without saying that the developers of each software product received detailed information about all identified vulnerabilities.

The Tianfu Cup hackathon has been held since 2018. It was organized after the Communist Party banned Chinese cybersecurity specialists from participating in foreign professional competitions. According to its principles, the contest is similar to one of the most prestigious hacker Championships — Pwn2Own. Participants are assigned a goal: for example, to execute code with certain privileges on the attacked device. They must find a previously unknown vulnerability and implement it. For successful completion of the task, points are awarded, and then cash prizes. All detected software errors must be reported to the SOFTWARE creators.

The rights to this material belong to
The material is placed by the copyright holder in the public domain
  • The news mentions
Comments [1]
№1
12.11.2020 19:10
"Всё, что один человек построил, другой завсегда сломать может" (С)
0
Inform
Do you want to leave a comment? Register and/or Log in
ПОДПИСКА НА НОВОСТИ
Ежедневная рассылка новостей ВПК на электронный почтовый ящик
  • Discussion
    Update
  • 22.12 10:58
  • 1
Еще немного в тему о танках (конечно, не без повторений :))
  • 22.12 07:53
  • 6569
Without carrot and stick. Russia has deprived America of its usual levers of influence
  • 22.12 07:45
  • 1
China has shown the launch of hypersonic drones from air carriers
  • 22.12 05:32
  • 58
Lessons from Syria
  • 22.12 03:15
  • 1
Немного о терминах.
  • 21.12 20:11
  • 2756
Как насчёт юмористического раздела?
  • 21.12 13:44
  • 8543
Минобороны: Все авиаудары в Сирии пришлись по позициям боевиков
  • 21.12 13:42
  • 1
Израиль нанес массированные авиаудары по Йемену
  • 21.12 13:02
  • 1
Путин заявил, что если бы и изменил решение о начале СВО в 2022 г., то в том, что его нужно было принимать раньше
  • 21.12 02:42
  • 1
Ответ на "Оружие, спровоцировавшее новую гонку ядерных вооружений, — в которой побеждает Россия (The Telegraph UK, Великобритания)"
  • 20.12 17:19
  • 1
РХБЗ: теория или практика
  • 20.12 16:07
  • 0
В системе стандартов серии ISO 55000 прошло масштабное обновление в 2024 году
  • 20.12 09:18
  • 0
Азиатский кейс Беларуси
  • 20.12 08:47
  • 0
Ответ на "В ЦРУ оценили легендарный Т-34. Как принципы производства советского танка влияют на СВО"
  • 20.12 05:07
  • 1
Israel forces new Syria to revive Arab military art