Trend Micro Offers $500K at Mobile Pwn2Own 2017

August 30, 2017

Trend Micro is conducting a Zero Day Initiative’s Mobile Pwn2Own contest. This year’s event will take place Nov. 1-2, during the PacSec 2017 Conference in Tokyo, Japan. The contest rewards security researchers for demonstrating and disclosing zero-day attacks on the latest and most popular mobile devices.

Contestants will be awarded cash and prizes during the competition for vulnerabilities and exploitation techniques against the most up-to-date patches in popular mobile platforms. This year’s targets include the Apple iPhone 7, Samsung Galaxy S8, Google Pixel and Huawei Mate9 Pro. Following the contest, vendors will have 90 days to produce patches for these bugs, instead of the standard 120 disclosure window. This reflects the integrity of successful exploits produced during the contest. As these are practical vulnerabilities with demonstrated applications, a shortened patch window helps provide quicker protection for the end user against potentially damaging bugs.

“This contest embodies Trend Micro’s leadership in encouraging and facilitating the discovery of zero-day vulnerabilities,” said Mike Gibson, vice president of threat research for Trend Micro. “Rewarding responsible disclosure of these bugs promotes our overarching goal of making everyone safer online. Researchers participating in the contest gain notoriety and can win a significant amount of money, and vendors are given the opportunity to patch zero-day vulnerabilities that might have otherwise wreaked havoc on their systems.”

To emphasize the importance of vigilance against these threats and responsible disclosure, this year’s event offers larger prizes than ever before, with a prize pool of more than US$500,000. The contest consists of four categories including browsers, short distance and WiFi, messaging and baseband, which is returning this year. A complete list of targets and prizes are listed below:

Categories     Target     Cash Prize    

Master of Pwn

Browser     Chrome     $50,000 (USD)     10
    Safari     $40,000 (USD)     10
    Samsung Internet Browser     $30,000 (USD)     8
Short Distance and WiFi     Bluetooth     $40,000 (USD)     8
    NFC     $50,000 (USD)     8
    WiFi     $60,000 (USD)     8
Messaging     SMS     $60,000 (USD)     12
    MMS     $60,000 (USD)     12
Baseband     *     $100,000 (USD)     20

In addition to the standard categories and prizes, there are add-on bonuses for executing code with kernel privileges and having the payload persist after a reboot. These bonuses will help contestants reach the coveted title, “Master of Pwn,” by adding additional points to their running total from each successful exploit.

Terms of Use | Copyright © 2002 - 2017 CONSTITUENTWORKS SM  CORPORATION. All rights reserved. | Privacy Statement