Windows 10, iOS, Chrome, and many others fall at China’s top hacking contest

Many of today’s top software programs have been hacked using new and never-before-seen exploits at this year’s edition of the Tianfu Cup — China’s largest and most prestigious hacking competition.

Held in the city of Chengdu, in central China, the third edition of the Tianfu Cup ended earlier today.

“Many mature and hard targets have been pwned on this year’s contest,” organizers said today. Successful exploits were confirmed against:

• iOS 14 running on an iPhone 11 Pro
• Samsung Galaxy S20
• Windows 10 v2004 (April 2020 edition)
• Ubuntu
• Chrome
• Safari
• Firefox
• Adobe PDF Reader
• Docker (Community Edition)
• VMWare EXSi (hypervisor)
• QEMU (emulator & virtualizer)
• TP-Link and ASUS router firmware

Fifteen teams of Chinese hackers participated in this year’s edition. Contestants had three tries of five minutes each to hack into a selected target with an original exploit.

For each successful attack, researchers received monetary rewards that varied depending on the target they chose and the vulnerability type.

All exploits were reported to the software providers, per contest regulations, modeled after the rules of the more established Pwn2Own hacking competition that has been taking place in the west since the late 2000s.

Patches for all the bugs demonstrated over the weekend will be provided in the coming days and weeks, as it usually happens after every TianfuCup and Pwn2Own contest.

Just like last year, the winning team came from Chinese tech giant Qihoo 360. Named the “360 Enterprise Security and Government and (ESG) Vulnerability Research Institute,” the winners accounted for almost two-thirds of the entire prize pool, going home with $744,500 of the total $1,210,000 awarded this year.

Ranking second and third were the AntFinancial Lightyear Security Lab and security researcher Pang.