- old version
- Tel: +86 18958007123,+86 17767072959
- E-mail:admission@cuecc.com
The 2016 edition of Mobile Pwn2Own has concluded in Tokyo, Japan. With multiple successful exploits, Tencent Keen Security Lab Team claimed the title of the Master of Pwn with 45 points and a cash prize of $215,000 in total.
On Tencent Keen Security Lab Team are two students from Zhejiang University—He Qidan who graduated from Zhejiang University and is currently working in Tencent Keen Security Lab and Liu Gengming who is a senior majoring in information security.
Pwn2Own is a computer hacking contest held annually at the CanSecWest security conference, beginning in 2007. Contestants are challenged to exploit widely used software and mobile devices with previously unknown vulnerabilities. The Pwn2Own contest serves to demonstrate the vulnerability of devices and software in widespread use while also providing a checkpoint on the progress made in security since the previous year.
In the 2016 edition, the contestants demonstrated some unique attacks against the iPhone 6S, Nexus 6P and Galaxy s7. By the end of the day, researchers showed how phones—even while running the latest software and patches—could have a rogue application installed and pictures or data stolen.
The competition started with Tencent Keen Security Lab Team targeting a Google Nexus 6P. Their attempt to install a rogue application succeeded. They tallied up $102,500 and 29 points towards the Master of Pwn.
Next, Tencent Keen Security Lab Team targeted the iPhone 6S with a rogue application. The app was installed, but it didn’t persist after a reboot of the phone. As such, this only counts as a partial success. Still, they used some interesting bugs that should be fixed. These bugs earned them a $60,000 award but no Master of Pwn points.
The final entry saw Tencent Keen Security Lab Team target the iPhone 6S to leak photos. They combined a use-after-free (UAF) bug in the renderer and a memory corruption bug in the sandbox to steal a photo from the phone. This earned the team another $52,500 and, thanks to style points for sniper and stealth, another 16 point towards the Master of Pwn.
With two successful attempts and one partial success, Tencent Keen Security Lab Team was awarded the title of the Master of Pwn with the total winning of $215,000 and 45 points.
(taken from Zhejiang Unievrsity Official Website)
