$10K Hacker Contest for Browsers and Mobiles at CanSecWest

By Editor Wireless and Mobile News on February 26, 2009 11:03 AM

Tipping Point's Zero Day Initiative (ZDI) will be sponsoring the Pwn2Own hacking contest for the 3rd time. It will be held during the CanSecWest Security Conference March 16-20th in Vancouver, BC. Hackers are invited to crack into browsers and mobile device for the chance to win $10,000 and the actual devices along with one year of phone service if a phone is a hacked.

Device and software makers don't have to worry because, ZDI will purchase all winning vulnerabilities and hand them over to the affected vendors, and coordinate public disclosure.

The Zero Day Initiative will pay $5000 per browser bug, and $10,000 per mobile bug. The first person to crack any of the mobile devices will also get to keep that device along with a one year phone contract. The first person to crack any of the browsers will get to keep the laptop it was running on. All winners will be asked to sign and agree to the general ZDI Non Disclosure Agreement.

The contestant may only win one prize per flaw (e.g. if he is able to pwn a browser and a mobile device using the same flaw, he has to choose one to go after). Winning entries against the browsers include exploits which require no user interaction outside of a single click on a malicious link.

Winning scenarios against the mobile devices include attacks that can be exploited via email, SMS text, website browsing and other general actions a normal user would take while using the device. Physical access will not be granted to the mobile devices, and proving successful exploitation of one of the mobile devices will be verified by our team of hardware hacker judges on the ground at the event.

If more than 5 people win prizes, we will offer additional "Bonus" prizes of an extra $5,000 that will be awarded this year for Most Interesting Browser flaw, Most Interesting Mobile Device Flaw, and Best in Show.