If you are unfamiliar with the Tianfu Cup, it is one of the biggest hacking competitions in the world and the largest in China. Held in central China city Chengdu each year, the competition has become a proving ground for security researchers. It is also a place where the best tech software can test their mettle against zero-day exploits. Over the two-day event, security researchers test how popular software can handle zero-day vulnerability threats. Hackers at the Tianfu Cup are looking to exploit apps and programs with never-seen-before attacks. If they succeed a point is earned, and the researchers with the most points win prizes. Last year, Microsoft Edge was successfully breached, and it seems Windows 10 was this year.
— TianfuCup (@TianfuCup) November 8, 2020 While that’s not good news for Microsoft, the company is certainly not alone. In fact, many leading platforms and services were compromised during the event. It is worth noting companies welcome these hackathons for exposing issues in software that can be fixed before an in-the-wild exploit is made. “Many mature and hard targets have been pwned on this year’s contest,” organizers said today. The following services were successfully breached:
iOS 14 running on an iPhone 11 Pro Samsung Galaxy S20 Windows 10 v2004 (April 2020 edition) Ubuntu Chrome Safari Firefox Adobe PDF Reader Docker (Community Edition) VMWare EXSi (hypervisor) QEMU (emulator & virtualizer) TP-Link and ASUS router firmware
Fifteen Chinese hacking groups took part in the Tianfu Cup this year. Each hacker gets three five-minute windows to attempt to hack a chosen target with a never seen before exploit. All successful exploits are reported to the developer of the software and patches should be released this week. Chinese tech company Qihoo 360 won the competition for the second year (the cup is in its third year).