Chinese hacking and security penetration testing competition Tianfu Cup reveals multiple security compromises of latest OS and platforms

Chinese Tianfu Cup Pwn2Own Hacking Competition Latest
Chinese Tianfu Cup participants are banned from Pwn2Own. Pic credit: Stephen Chin/Flickr

The Chinese equivalent of Pwn2Own, called the Tianfu Cup, has revealed some very concerning security exploits and compromises. Not just Microsoft Windows, but also iPhone 13 running Apple Inc.’s latest iOS 15, and Google Chrome had their vulnerabilities exposed and exploited.

Budding, enterprising, talented, and young “ethical” hackers participating in the Chinese Tianfu Cup successfully penetrated the seemingly fortified Windows OS, iOS, Google Chrome, and other digital platforms. No wonder Pwn2Own authorities have permanently banned these Chinese hackers.

Chinese hackers consistently defeat even the most secure operating systems and platforms to win the Tianfu Cup:

Competitions such as the Pwn2Own are critical for large tech companies and businesses. Talented hackers reveal security loopholes, bugs, and other vulnerabilities in popular software and digital platforms.

Tech giants accept and verify the flaws, and fix them. Winning competitors receive monetary rewards and international recognition for their talents and exploits.

Chinese hackers participate in a very similar, but regional competition called the Tianfu Cup. The latest report from the Tianfu Cup cybersecurity contest strongly indicates that security is just an illusion.

Contestants participating in the competition successfully breached the security of a variety of devices, applications, operating systems, and digital platforms.

Apple Inc. is a company that prides itself on offering an unparalleled level of security to its iPhone and iPad users. However, ethical hackers at the competition demonstrated two exploits.

Concerningly, these hackers compromised the security of the latest iPhone 13 Pro running iOS 15.0.2. While one of the security breaches was a Remote Code Execution (RCE) exploit, the other was an iOS 15 Jailbreak.

Microsoft Windows 10 had five exploits, and even the Exchange platform wasn’t impenetrable. Some of the other notable mentions reportedly include Google Chrome, Adobe PDF, the Asus AX56U router, Docker CE, Parallels VM, QEMA VM, Ubuntu 20, VMware ESXi, and Workstation.

Is China stockpiling security exploits to use in cyber warfare?

Several governments have routinely expressed their concerns about the Chinese event. Concerningly, a new September 1st, 2021 Chinese law requires Chinese citizens to disclose any zero-day vulnerabilities to the government.

“The Chinese government could stockpile a significant number of zero-days against widely used products in other regions and have access to the knowledge required to exploit these products before they’re successfully patched,” said Kristina Balaam, a senior security intelligence engineer at Lookout.

It is, however, important to note that all the security exploits that won the competition will reportedly make their way to the affected vendors. In other words, Tianfu Cup organizers will alert the victims about the security vulnerabilities.

In fact, Google has even begun patching the flaws. Other tech giants could be patching their software after receiving alerts about security flaws.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x