For those who don’t know, the Tianfu Cup is considered the biggest hacking contest in China. The third rendition of the event took place in Chengdu, China, with 15 participating teams. The prize pool for the contest winners amounted to about $1.21 million.
The winning side, 360 Enterprise Security and Government and (ESG) Vulnerability Research Institute (Qihoo 360), won the competition for the second consecutive year. It took home a total of $744,500 — around two-thirds of the total prize pool — for its exploits.
Also, runner-up Ant-financial Light-year Security Lab and second runner-up Pang bagged $258,000 and $99,500 respectively.
Talking of the programs successfully breached during the hackathon, the organizers revealed, “Many mature and hard targets have been pwned on this year’s contest.” Out of the targeted programs, the following were confirmed as hacked:
- Adobe PDF Reader
- ASUS Router AX86U
- Chrome browser
- Firefox browser
- iOS 14 via iPhone 11 Pro
- QEMU (emulator & virtualizer)
- Safari browser
- Samsung Galaxy S20
- TP-Link WDR-7660
- Ubuntu 20/CentOS 8
- VMWare ESXi
- Windows 10 2004
Moreover, the teams faced three rounds of 5 minutes each for breaching a specific software with an original hack. The monetary sum for a successful attempt varied based on the software and the type of vulnerability exploited.
Additionally, as per policy, the contest organizer has reported the detected vulnerabilities to the respective software providers. The patches fixing these security risks should roll out in the coming days.