Hacked in 60 Seconds

  • The Google Pixel and Pixel XL (courtesy: Maurizio Pesce)

White hat hackers just made legal money at PWNFEST 2016 in Seoul by hacking the Google Pixel smartphone, the Microsoft Edge browser running on Windows 10, and the Safari browser running on the MacOS Sierra. The PWNFEST is a hacking competition where white hats attempt to exploit vulnerabilities on various Operating Systems and programs.

The Qihoo 360 team used a zero-day vulnerability to launch Play Store and the Chrome mobile browser on the Android Operating System before displaying  “Pwned by 360 Alpha Team” on the Pixel smartphone. The Qihoo 360 Team’s Remote Code Execution was done within 60 seconds, the Qihoo team and South Korean security researcher JungHoon “Lokihardt” Lee also collaborated on an exploit on the Microsoft Edge browser running on  a 64-bit version of Windows 10 by running a Remote Code Execution. The browser was hacked two times, with one exploit reportedly taking just 18 seconds to execute by the team.

Another notable exploit was by Pangu (a team of white hats reputable for various iOS jailbreaks) and JH hackers who executed an exploit on the Safari browser running on MacOS Sierra, this exploit gave them root access to the Operating System. The Qihoo team was awarded $120,000 for their exploit on the Google Pixel smartphone, and $140,000 on their collaboration with Lokihardt to hack the Microsoft Edge browser. Pangu and JH hackers took home the $100,000 prize for their exploit on the Safari browser running on MacOS Sierra.

Details of the hacks have been sent to the affected companies to patch the vulnerabilities, it is interesting to note that the exploits were all done on the latest versions of programs and Operating systems on the various platforms.