This year marks the fourth annual Pwn2Own contest held by the TippingPoint Zero Day Initiative (ZDI). Once again the contest will be held in Vancouver at the CanSecWest security conference on March 24th, 2010.
The total cash prize up for grabs is $100,000 USD. In a nutshell security experts that are able to hack and exploit web browsers and mobile phones, will get to win cash and prizes. The iPhone is among a group of smartphones included in the contest. Here is the prize breakdown:
$60,000 of the total $100,000 cash prize pool is allotted to the mobile phone portion of the contest, each target is worth $15,000. A successful hack on these targets must result in code execution with little to no user-interaction. Expect updates on the rules as the contest approaches.
The current target list is as follows:
Apple iPhone 3GS
RIM Blackberry Bold 9700
A Nokia device running Symbian S60 (likely the E62)
A Motorola phone running Android (likely the Droid)
…the remainder will focus on exploiting major web browsers:
$40,000 of the total $100,000 cash prize pool is allotted to the web browser portion of the contest, each target is worth $10,000. The browser targets this year will include the latest versions of Microsoft Internet Explorer, Mozilla Firefox, Google Chrome and Apple Safari.
To highlight the efficacy of operating system level protections we have structured the ZDI bonus point amounts to reflect the difficulty of exploitation. Once a target has been successfully compromised it will be removed from the competition. Thus, a successful day one attack on a specific browser must overcome the latest and greatest flagship operating system with all exploit mitigations activated in their default state.
What Smartphone Will Be the First to Fall?
Get your vote in before March 24th! What phone will get exploited first?
With recent seeds of beta OS X 10.6.3 to developers, Apple might be waiting till the Pwn2Own contest is over before releasing any new updates to OS X and iPhone OS.