Tianfu Cup 2021

At the Tianfu Cup 2021, held on October 16-17, 2021, a number of operating systems and products were successfully exploited using original, unreleased vulnerabilities. Targets ranging from Windows 10, Google Chrome, iOS 15 and Apple Safari to Microsoft Exchange Server, Linux and Ubuntu 20 were hacked in the competition.

Tianfu Cup 2021 is an international cyber security contest that held its fourth edition in the city of Chengdu, China. The organizers invited cyber security professionals and researchers from around the world to share their opinions on the cybersecurity challenges faced by the digital world.

In this contest, the organizers ran three events: the original vulnerability demonstration and recurrence contest, the product contest, and the system contest. Participants were challenged to use original vulnerabilities to exploit the given targets.

They offered prize money of up to 1.5 million US dollars to participants for successful exploits.

Tianfu Cup is the Chinese version of Pwn2Own. It was started in 2018 in response to a Chinese government regulation that restricts cyber security researchers from competing in international hacking contests due to national security concerns.

Almost all the Exploits were Successful: 

The targets included in this year's competition were:

  • Google Chrome, running on Windows 10 21H1
  • Apple iPhone 13 Pro, running on iOS 15
  • Apple Safari, running on MacBook Pro
  • Windows 10
  • Microsoft Exchange Server 2019
  • Adobe PDF Reader
  • Ubuntu 20/CentOS 8
  • VMware Workstation
  • VMware ESXi
  • Parallels Desktop
  • Docker CE
  • QEMU VM
  • ASUS RT-AX56U Router
  • Synology DS220j DiskStation
  • Domestic Mobile Phones running Android
Targets included in Tianfu Cup 2021

From the above list, almost all the targets were successfully exploited, with the exception of the Synology DS220j DiskStation, the Xiaomi Mi 11 smartphone and an unnamed Chinese electric vehicle.

The exact details of the vulnerabilities have not yet been disclosed to the public, but the vendors of the affected products are expected to release security patches for these previously undiscovered flaws in the coming weeks.

Cyber Security Researchers Won $1.88 Million in Prize Money:

In this two-day event, cyber security researchers won $1.88 million in prize money. Among them, Kunlun Lab took the top award of $654,000 for successfully exploiting vulnerabilities in iOS 15 and a remote code execution vulnerability in mobile Safari within 15 seconds.

Tianfu Cup 2021 Winners

The second award, worth $522,500, went to Team PangU for executing a remote jailbreak on an iPhone 13 Pro, making it the first time the newly launched iPhone model was cracked in public. Vulnerability Research Institute (VRI) took third position and won $392,500.

Among the successful exploits, Google Chrome was also hacked by researchers from cyber security organizations, who obtained Windows kernel-level privilege with just two vulnerabilities.
