Simplicity is always the ultimate sophistication. Whoever uttered these wise words had a crystal-clear view of a future in which big corporations like Apple, Adobe and Microsoft always compete for sophistication. This complexity lets security experts and hackers gain more and more unauthorized access by taking advantage of loopholes introduced through fancy additions.
At the annual Pwn2Own hacking contest, it took less than 24 hours for hackers to demonstrate convincingly that some tech software companies like Ubuntu, Adobe, Microsoft and Apple need to work more on securing their systems. The Pwn2Own hacking contest draws bug hunters from all over the world. They are given a platform to test their skills by breaking into software and security systems and pointing out their weaknesses. It is a Zero Day Initiative event and takes place annually in Vancouver.
This hackers’ convention is usually an all-round affair. Exploits are divided into five different groups, each with different prize money. Hackers who take down or attain system-level access on big “impenetrable” platforms walk away with the Pwn2Own $1M prize.
Winning the $1M prize requires exceptional skills from the hacker(s) in question. In fact, these skills are already on display. The hacker group that took down Adobe Reader leveraged Windows kernel flaws to attain system-level access. The other group accessed the fancy Touch Bar in Mac Pro by identifying weaknesses in Safari. Mac Pro’s Touch Bar is run simultaneously by a T1 chipset and watchOS. The T1 chipset also doubles as a security feature for the front-facing camera and Touch ID. Both attacks stemmed from gaining root and executing arbitrary code on macOS.
A major takeaway from this convention is the security of Chrome as a web browser. You can always trust Google and Chrome to keep your personal details safe, courtesy of its sandbox mechanism. Hackers from Tencent were able to hack Microsoft Edge, but it was not a direct compromise because they bypassed the sandbox by using a secondary bug.
Contests like this provide important insight for software designers because of the collaboration between Pwn2Own hackers and organizers. Take, for example, the intrusions demonstrated in Edge, Adobe Reader and Touch Bar. Software designers from the respective vendors will be notified of each flaw. From there, they will take the necessary security steps to patch it.