The annual Pwn2Own contest has wrapped up for 2016, and it revealed some interesting security information. If you aren't familiar with this contest, hackers and security researchers at the CanSecWest security conference compete for prize money by breaking into computers using previously unknown exploits.
The benefit of this contest is that the hackers get money - one hacker won $145,000 this year - and the software developers involved learn about weak spots in their programs that they need to fix. And, most importantly, the rest of us get a little safer. Of course, it might not feel that way when you learn how far the contestants got.
For this year's contest, hackers had to go up against fully patched Windows 10 and OS X El Capitan systems, and they had to attack through a Web browser. They rose to the task, however, and managed to take control of both machines multiple times.
To do that, they exploited flaws in Safari, Microsoft Edge, Adobe Flash and Google Chrome (Firefox wasn't included this year). Once they were in the system, they attacked unknown flaws in Windows and OS X themselves to take full control. That's the bad news.
The good news is how complex the attacks were. No team was able to take control by exploiting just one flaw. Many of the attacks needed four or more flaws working together. That means browser and OS security is getting better.
Of course, there are other takeaways for the rest of us:
- Keep your browser and operating system updated. While the hackers got through fully updated systems, they had to work hard at it. They could have taken over older and unpatched systems with much less trouble.
- Several of the attacks relied on weaknesses in Adobe Flash. Disabling Flash in your browser, or making it click-to-play, can provide a nice security boost.
- Neither computer had security software installed. It would have made things even harder for the hackers if they'd had to go around another substantial layer of security. So, be sure you have up-to-date security software installed. That means you too, Mac users.