Mobile Pwn2Own 2017 Announced, Offers Up To $100,000 For iPhone 7 Running iOS 10.3.3 Vulnerabilities
Trend Micro has announced that its annual Mobile Pwn2Own competition, in which security researchers are tasked with finding and submitting vulnerabilities in popular software in exchange for financial rewards. It will take place for the sixth year running during this year’s PacSec Security Conference in Tokyo.
The Japanese company is upping the ante this year with more than $500,000 in prize money on the table.
Trend Micro has been running the Mobile Pwn2Own initiative as part of the wider Zero Day Initiative program tasked with ensuring that security researchers not only find vulnerabilities in different operating systems, platforms, and browsers, but that they also responsibly report them to the companies who own those technologies, such as Apple, Google, and Samsung. Official representatives from Apple Inc. have previously attended the competition, with Apple having 90-days post competition to patch the discovered issues before they are released into the public domain.
The talented individuals taking part in this year’s competition will have a new set of devices that they are being asked to target. The focus has been placed on Apple’s iPhone 7 and 7 Plus, Samsung’s Galaxy S8, the Google Pixel and Pixel XL, and Huawei’s Mate9 Pro. All of those devices will be loaded up with the latest iOS or Android firmware and will all have up to date security patches installed on them. Any vulnerability found is then guaranteed to be on the latest firmware and to be relevant and important to the manufacturer.
Trend Micro will be offering various cash prizes decided by individual categories for different platforms, and will also be offering additional cash bonuses of between $20,000 and $50,000 for executing code with kernel privileges. There’s also additional money available for anyone who manages to persist their payload into an operating system after a reboot has taken place.
This is a mobile version of the Pwn2Own competition which has been running for ten years now. Those involved in this year’s version managed to find multiple vulnerabilities in macOS Sierra, which included an important Safari exploit passed across to Apple. The Mobile Pwn2Own competition will take place at this year’s PacSec Security Conference in Tokyo on Wednesday, November 1 and Thursday, November 2. It’ll be extremely interesting to see what comes of it.