Tianfu Cup 2020: Chinese hacking contest shows flaws in Chrome, Windows

The most popular tech brands got owned – Chinese hacking contest participants exploited new 0-days to break in

Tianfu Cup 2020Chinese hacking competition Tianfu Cup 2020 winners took home $744,500

The third hacking contest in China called Tianfu Cup hit its start on November 7. While it proved to be a major success as far as the event goes, it also once again proved that even the biggest players in the tech industry are not immune to break-ins. The participants of the contest managed to hack into programs developed by Google, Apple, Microsoft, Adobe, Mozilla, and others.

Tianfu Cup 2020 event organizers tweeted the following on November 8, after the competition ended:[1]

Many mature and hard targets have been pwned on this year’s contest. 11 out of 16 targets cracked with 23 successful demos.

The 11 apps that were successfully hacked are:

  • Chrome, Safari, FireFox
  • Adobe PDF Reader
  • Docker-CE, VMware EXSi, Qemu, CentOS 8
  • iPhone 11 Pro+iOS 14, GalaxyS20
  • Windows 10 2004
  • TP-Link, ASUS Router

The discovered vulnerabilities to be patched by the tech giants in the upcoming days

Tianfu Cup was established merely three years ago, basing its rules on its analog in the west – Pwn2Own competition that has been around since the early 2000s. It specializes in rounds of hacking attempts, with fifteen teams participating. Each team had three tries of five minutes to hack into predetermined applications with never-before-seen exploits.

If the team was successful in breaking into a program, it was already provided with a monetary prize, although its size varied depending on the type of vulnerability that was chosen and the target app.

Since Tianfu Cup bases its rules on the Pwn2Own event, the 0-day exploits[2] were reported to the companies representing the software that was hacked into. This means that Google, Apple, Adobe, Microsoft, and other affected tech giants will be delivering patches to software in order to prevent malicious actors from abusing the discovered vulnerabilities to cause harm to companies and users.

$744,500 was awarded to the Tianfu Cup 2020 winners Qihoo 360

Hacking events are not that uncommon anymore, with contests like Def Con[3] being established as early as 1993. Hacker conventions are great places for people in the security industry (computer security experts, government employees, lawyers, journalists, students) to talk about hacking-related topics and attempt to participate in hacking wargames. At the end of such competitions, winners and follow-ups are rewarded with monetary prizes.

Similarly to the last year, Tianfu Cup 2020 winners were awarded with $744,500 – that is a big portion of the total prize pool of $1,210,000. The competition was won by a Chinese security vendor and research company Qihoo 360 (Enterprise Security and Government and (ESG) Vulnerability Research Institute). The second place was taken by AntFinancial Lightyear Security Lab, and the third was given to a security researcher Pang.[4]

Qihoo 360 is one of the most prominent security research companies in China, continually working on new developments and publishing reports about cyber espionage operations, malware research, and other security-related topics.[5]

About the author
Jake Doevan
Jake Doevan - Computer technology expert

Jake Doevan is one of News Editors for 2-spyware.com. He graduated from the Washington and Jefferson College , Communication and Journalism studies.

Contact Jake Doevan
About the company Esolutions