White-hat hacking contests are very helpful for software and hardware manufacturers alike. In events like these, they give huge amounts of money to those who can show them vulnerabilities that can be exploited either in hardware or software. PwnFest – held in Seoul, South Korea – was one such event and it was here that the Google Pixel was again compromised after being hacked in a similar contest a week ago.
The end goal for contestants in these events is usually to gain control of a device through remote code execution. Here, Google’s brand spanking new flagship phone fell to hackers from Qihoo 360 who gained control of the smartphone via Chrome. The exploit resulted in the hackers able to take control of the device and launching Chrome which displayed a page that said, “Pwned By 360 Alpha Team”.
The Qihoo 360 team won USD$120,000 as cash prize for that specific hack. The Chrome vulnerability was patched within 24 hours of the event. The week before, in a similar event in Japan, the Google Pixel was also compromised – that time via a zero-day exploit which is still unpatched up until time of writing.
The team of white-hat hackers took home total prize money amounting to USD$520,000 – all for exposing vulnerabilities in devices and software, so that those companies can patch up those gaps and weaknesses in the security of their software of devices.
VIA: The Register UK