In the Tianfu Cup 2020 International Cybersecurity Contest, 15 teams of professional hackers participated with the purpose of finding unknown vulnerabilities and hacking them.
To do what they have to do, the team had three chances, five minutes each.
The contestants would then receive rewards for each successful attack, with the amount they can earn depended on the objective and the type of vulnerability.
And here, one of the hacker teams managed to breach an iPhone 11 Pro with iOS 14 installed, in just 10 seconds.
The hacking team earned the Most Valuable Product Cracking Award, and alongside another hacking team that was made up of professionals from the Ant-Financial Light-Year Security Lab and the Government and Corporate Security Vulnerability Research Institute (Qihoo 360) that won First Prize of Best Product Cracking Award, both received the total amount of $180,000.
Applause to another big winner on target iPhone 11 pro+iOS14. $180,000 granted! @S0rryMybad @realBrightiup https://t.co/g51eVoIdqn
— TianfuCup (@TianfuCup) November 8, 2020
In TianfuCup 2020, the targets the contestants needed to hack, include:
- Microsoft Edge: Contestants needed to use the browser to browse remote URL, to then control the browser or System.
- Google Chrome: Contestants needed to use the browser to browse remote URL, to then control the browser or System.
- Apple Safari: Contestants needed to use the browser to browse remote URL, to then control the browser or System.
- Mozilla Firefox: Contestants needed to use the browser to browse remote URL, to then control the browser or System.
- Adobe PDF Reader: Contestants have to use the PDF documents that had been copied to the VM to control Adobe PDF Reader or System.
- Docker-CE: Contestants have to escape from the container, achieve code execution with root permission on the OS
- VMware Workstation: Contestants have to run certain programs to penetrate through and escape from the VM system, control the host's OS.
- VMware ESXi: Contestants have to run certain programs to penetrate through and escape from the VM system, control the host's OS.
- Ubuntu + qemu-kvm: Contestants have to use the command
sudo apt-get install qemu-kvm virt-managerand use default configurations to install the guest system. - Apple iPhone 11 Pro + iOS 14: Contestants needed to use the phone to browse remote URL, and control the phone. This target requires the PAC mitigation.
- Samsung Galaxy S20: Contestants have to use the phone to browse remote URL, escape the browser sandbox and control the phone system.
- Microsoft Windows 10 2004: Contestants have to run certain program as an unprivileged user to escalate privilege and run command as Administrator.
- Ubuntu 20/CentOS 8: Contestants must run certain program as an unprivileged user to escalate privilege and run command as root.
- Microsoft Exchange Server 2019: Contestants have to connect to remote server and achieve remote code execution on the target.
- TP-Link WDR7660: Contestants have to achieve code execution on the remote device from LAN.
- ASUS Router AX86U: Contestants have to achieve code execution on the remote device from LAN.