Operating systems and software are put through thorough testing before public release. That doesn’t mean flaws don’t fall through the cracks. Hackers can exploit some of those flaws, forcing the developer to issue a quick update to patch them. Tap or click here for signs your device has been hacked.
It is also not common for people who don’t work in the cybersecurity industry to discover these flaws. After all, they are professionals who have made it their job to root out vulnerabilities.
So, when a hacking contest in China revealed significant problems in popular tech, it was a stark reminder that our devices are always at risk.
Here’s the backstory
The Tianfu Cup competition is held annually in China, and this year it tasked participants to hack into some of the most commonly used tech. It’s a cybersecurity summit aiming to highlight vulnerabilities in systems while also serving as an educational and awareness platform.
The event includes lectures and cybersecurity demonstrations, but the main attraction gives ethical hackers a chance to show off their skills. Participants of the hacking competition were given 15 targets to complete, with the winner walking away with some cash prizes.
Some of the target systems or apps were:
- Google Chrome
- Apple’s Safari
- Adobe PDF Reader
- Ubuntu 20/CentOS 8
- Microsoft Exchange Server 2019
- Windows 10
- iPhone 13 Pro
Each assigned target system had a specific vulnerability that the hackers had to breach. If someone managed to perform a Remote Code Execution on an iPhone 13 Pro, they would be $120,000 richer. Perform a remote jailbreak, and the winner gets $300,000.
Hacking for the big prize
The most shocking thing the hackers found was all but three of the 15 systems or devices suffered from a successful hack.
- Using Safari to browse remote URL, control the browser or System.
- Run a specific program as an unprivileged user to escalate privileges and run the command as root in Ubuntu.
- In Windows 10, run a certain program as an unprivileged user to escalate privileges and run commands as Administrator.
- Use Chrome to browse remote URLs, control the browser or System.
- Run certain programs to penetrate through and escape from the VM system, control the host’s operating system.
It’s a fantastic opportunity to find vulnerabilities. But not everybody is thrilled with the skills of the Chinese hackers. “It’s really a way to demonstrate power. It shows you that they have the human capital to do those things,” security analyst Matan Rudis told Bloomberg.
The Tianfu Cup is China’s take on the annual Pwn2Own competition, held in Austin, Texas. Chinese hackers rarely participate in hacking events in other countries.
What you can do about it
It might take skilled hackers only a few minutes to breach your device, but that doesn’t mean you should forgo updates. Here are some ways to stay protected:
- Always update your operating system and apps to the latest available versions.
- Never download or open an attachment from an unknown email address. Also, don’t click on links found in unsolicited messages.
- Enable two-factor authentication for accounts that offer it.
It’s also critical to have antivirus software that you trust protecting all of your devices. We recommend our sponsor, TotalAV. With TotalAV, you get so much more than antivirus protection. It’s the complete package: A security suite that protects your computer and smartphone from today’s threats.
Get the Best Security Suite for 2021 and save an exclusive 80% at TotalAV.com/Kim. That’s just $19 for an entire year of protection.
Five clues that your email is part of a hack
5 steps to make sure hackers cannot access your home network and files