Войти

Chinese hackers successfully hacked the latest versions of Windows, Ubuntu, iOS and Android

3226
1
0
Image source: naked-science.ru

China hosted the largest national hackathon Tianfu Cup-a competition between teams of experts on attacks on information infrastructure. Using previously unknown vulnerabilities, participants were able to hack almost all the most modern software products.

The winner of the contest received $ 744,500 for successful attacks on Google Chrome and Mozilla Firefox browsers, as well as hacking the iOS operating systems (OS) running the iPhone 11 Pro, and Microsoft Windows 10 2004 running on the Surface Pro 5 tablet. The team has the long name 360 Enterprise Security and Government and (ESG) Vulnerability Research Institute. Its members work for a Chinese company specializing in Internet security, Qihoo 360. In total, this team took two-thirds of the total prize Fund, which was $ 1.2 million.

Qihoo 360 employees were also able to hack the enterprise virtualization software VMWare EXSi, the PDF document viewer Adobe Reader (two successful attacks), the Samsung Galaxy S20 smartphone running Android 10, the QEMU emulation software environment,and the Ubuntu 20 OS. In addition, they easily seized control of the TP-Link wdr7660 router.

Other participants also distinguished themselves — Safari browser, Docker enterprise software management system, and ASUS AX86U router "fell" under their onslaught. In addition, not only specialists from Qihoo 360 successfully coped with the hacking of the above SOFTWARE. Most targets were attacked more than once.

Table of achieved goals

Image source: Tianfu Cup

For example, the iPhone 11 was hacked in two ways, just like the Galaxy S20. And the PDF document viewer from Adobe "distinguished itself" at all — five successful attacks were made on it. A comparable number of new vulnerabilities were found only in the TP-Link router: four.

It is noteworthy that the hackathon organizers chose several more goals as the competition's disciplines, but the participants ignored some of them. The Microsoft Edge browser, the VMware Workstation custom package, and the Exchange Server 2019 system could bring teams another $ 380,000. But for some reason, they didn't waste their energy on them. Perhaps these software products are not of great interest to cybercriminals, or maybe there is simply no time left for them in the competition.

In total, 11 of the 16 goals were achieved, and the most common applications and operating systems were successfully attacked. It goes without saying that the developers of each software product received detailed information about all identified vulnerabilities.

The Tianfu Cup hackathon has been held since 2018. It was organized after the Communist Party banned Chinese cybersecurity specialists from participating in foreign professional competitions. According to its principles, the contest is similar to one of the most prestigious hacker Championships — Pwn2Own. Participants are assigned a goal: for example, to execute code with certain privileges on the attacked device. They must find a previously unknown vulnerability and implement it. For successful completion of the task, points are awarded, and then cash prizes. All detected software errors must be reported to the SOFTWARE creators.

The rights to this material belong to
The material is placed by the copyright holder in the public domain
  • The news mentions
Comments [1]
№1
12.11.2020 19:10
"Всё, что один человек построил, другой завсегда сломать может" (С)
0
Inform
Do you want to leave a comment? Register and/or Log in
ПОДПИСКА НА НОВОСТИ
Ежедневная рассылка новостей ВПК на электронный почтовый ящик
  • Discussion
    Update
  • 09.10 02:44
  • 10767
Without carrot and stick. Russia has deprived America of its usual levers of influence
  • 08.10 18:09
  • 0
Комментарий к ""Ядерный взрыв будет хорошо виден в Одессе". Чем Россия ответит на поставки Tomahawk?"
  • 08.10 16:04
  • 1
"The nuclear explosion will be clearly visible in Odessa." How will Russia respond to the delivery of Tomahawk?
  • 08.10 12:42
  • 1529
Корпорация "Иркут" до конца 2018 года поставит ВКС РФ более 30 истребителей Су-30СМ
  • 08.10 11:37
  • 1
Трамп заявил, что принял решение по ракетам Tomahawk и Украине
  • 08.10 05:09
  • 0
Комментарий к "Названа неочевидная опасность «Томагавков»"
  • 08.10 05:06
  • 3
Украина вряд ли получит ракеты Tomahawk из-за опасности конфликта РФ и США
  • 08.10 04:32
  • 3
В тему "обнуления Томагавков" и прочих БПЛА
  • 08.10 04:22
  • 1
Комментарий к "Новая система международной безопасности – ради сохранения цивилизации"
  • 08.10 03:26
  • 0
Ответ на "Диванные вояки и дипломаты-пустозвоны хотят войны (American Thinker, США)"
  • 07.10 20:04
  • 7
Для защиты заводов по переработке нефти развернули передвижные группы ПВО
  • 07.10 17:59
  • 4
The T-15 heavy infantry fighting vehicle on the Armata platform is perhaps even more necessary than a tank.
  • 07.10 17:59
  • 0
Комментарий к "В честь Дня Cухопутных войск российская армия получила новую бронетехнику (The National Interest, США)"
  • 07.10 17:35
  • 27
Российские БМПТ получили «теннисную сетку» для защиты от дронов
  • 07.10 14:29
  • 0
Новая система международной безопасности – ради сохранения цивилизации