The Chinese equivalent of Pwn2Own, called the Tianfu Cup, has revealed some very concerning security exploits and compromises. Not just Microsoft Windows, but also iPhone 13 running Apple Inc.’s latest iOS 15, and Google Chrome had their vulnerabilities exposed and exploited.
Budding, enterprising, talented, and young “ethical” hackers participating in the Chinese Tianfu Cup successfully penetrated the seemingly fortified Windows OS, iOS, Google Chrome, and other digital platforms. No wonder Pwn2Own authorities have permanently banned these Chinese hackers.
Chinese hackers consistently defeat even the most secure operating systems and platforms to win the Tianfu Cup:
Competitions such as the Pwn2Own are critical for large tech companies and businesses. Talented hackers reveal security loopholes, bugs, and other vulnerabilities in popular software and digital platforms.
Tech giants accept and verify the flaws, and fix them. Winning competitors receive monetary rewards and international recognition for their talents and exploits.
China's Tianfu Cup is a display of cybersecurity talent—and force https://t.co/h1AsfMU4cT
— Bloomberg (@business) October 29, 2021
Chinese hackers participate in a very similar, but regional competition called the Tianfu Cup. The latest report from the Tianfu Cup cybersecurity contest strongly indicates that security is just an illusion.
Contestants participating in the competition successfully breached the security of a variety of devices, applications, operating systems, and digital platforms.
I will release the #Tianfucup 2021 v8 bug PoC and details before the end of 2021, Pls hold on 😀 pic.twitter.com/yetb1Xf4CJ
— maldiohead (@ma1fan) October 27, 2021
Apple Inc. is a company that prides itself on offering an unparalleled level of security to its iPhone and iPad users. However, ethical hackers at the competition demonstrated two exploits.
Concerningly, these hackers compromised the security of the latest iPhone 13 Pro running iOS 15.0.2. While one of the security breaches was a Remote Code Execution (RCE) exploit, the other was an iOS 15 Jailbreak.
Microsoft Windows 10 had five exploits, and even the Exchange platform wasn’t impenetrable. Some of the other notable mentions reportedly include Google Chrome, Adobe PDF, the Asus AX56U router, Docker CE, Parallels VM, QEMA VM, Ubuntu 20, VMware ESXi, and Workstation.
Is China stockpiling security exploits to use in cyber warfare?
Several governments have routinely expressed their concerns about the Chinese event. Concerningly, a new September 1st, 2021 Chinese law requires Chinese citizens to disclose any zero-day vulnerabilities to the government.
At the Tianfu Cup hacking competition, China showed off a talent base of aggressive hackers undeterred by blowback from international exposure of its activities. https://t.co/Q4VV0f9t88
— War on the Rocks (@WarOnTheRocks) October 29, 2021
“The Chinese government could stockpile a significant number of zero-days against widely used products in other regions and have access to the knowledge required to exploit these products before they’re successfully patched,” said Kristina Balaam, a senior security intelligence engineer at Lookout.
During the weekend of 16-17 October, Chinese hackers went on something of a rampage that saw all but three of the 15 target products breached during the exploit onslaught that was the Tianfu Cup. #cybersecurity #microsoft #chrome #securitybreach #infosec https://t.co/GjjYSWFsE0
— LiveHack.tech (@LiveHackTech) October 31, 2021
It is, however, important to note that all the security exploits that won the competition will reportedly make their way to the affected vendors. In other words, Tianfu Cup organizers will alert the victims about the security vulnerabilities.
In fact, Google has even begun patching the flaws. Other tech giants could be patching their software after receiving alerts about security flaws.