The Pwn must go on
The flagship Pwn2Own live hacking event came to a close yesterday, but the winning team may have to wait a little longer than usual to receive their ‘Master of Pwn’ trophy, as this year the competition took place via live stream.
Pwn2Own Vancouver was due to set up camp at the CanSecWest security expo in Canada, but mounting concerns over the Covid-19 pandemic led Trend Micro’s Zero Day Initiative (ZDI) to opt instead to host the event via Zoom.
“We had previously announced contestants would be allowed to compete remotely in this year’s competition,” ZDI’s Brian Gorenc said in a blog post explaining the decision to go virtual earlier this month.
“That remains true. However, instead of ZDI researchers running the attempts in Vancouver, they will do all attempts from our office in Austin, Texas. We will be in communication with the researchers either by phone or video chat during the attempts.”
The unusual format of the event this year was apparently of little concern to returning Pwn2Own champions Richard Zhu and Amat Cama (Team Fluoroacetate), who again took the top spot in 2020.
After demonstrating how a pair of use-after-free bugs in Adobe Reader and the Windows kernel could be used to take over the target system, Zhu and Cama took first place, with the Georgia Tech Systems Software and Security Lab team coming in a close second.
“Special thanks to the Microsoft Security Response Center, Adobe Security, Apple, and Canonical for working with us on disclosure and calling in for the Zoom meetings,” ZDI tweeted last night.
“We couldn’t do this without the support of vendors with mature security response processes.”
Check out the ZDI blog to catch up on all of the exploits that were demonstrated at Pwn2Own this year.
READ MORE Pwn2Own Miami: Hackers scoop $250,000 in prizes during inaugural ICS security contest