Virtualization Technology News and Information
Pwn2Own Contest Offers a $75K Bounty for Hacking VMware Workstation


The annual Pwn2Own hacking contest returns next month to the CanSecWest security conference and researchers are going up against the most popular browsers and operating systems, challenged with finding and exposing exploits.  

For this year's contest, participants will be asked to exploit Microsoft Edge or Google Chrome on fully patched versions of 64-bit Windows 10 and Apple Safari on OS X El Capitan.  

Exploiting Google Chrome or Microsoft Edge will earn hackers a $65,000 prize, while exploiting Apple Safari on Mac will earn a payout of $40,000.  Achieving system-level access on Windows or root access on Mac OS X would bring an additional bonus of $20,000 to the pot.

In a recent blog post, HPE's vulnerability research manager Brian Gorenc said that since the inception of the competition back in 2007, Pwn2Own has increased the challenge level at each new competition.  And this year will be no exception.

New to this year's event, contestants will be given the opportunity to target a Windows environment that runs as a guest OS in a virtual machine on VMware Workstation.  And although breaking out of the virtual machine itself is not mandatory, those who figure out how to do so could earn themselves an additional $75,000.

"This is our first year including VMware as a target, and we look forward to seeing what researchers will do with it," said Gorenc.

Exposing any new vulnerabilities in the VMware Workstation product right now adds an interesting twist, as it was announced in January that VMware had laid off 800 people, many of whom were members of the company's "Hosted UI" team -- the developers who were directly responsible for the company's Workstation and Fusion desktop virtualization products.  Exposing any security problems within the widely used and extremely popular Workstation product at this stage could prove devastating, given the loss of the company's brain power and subject matter experts for that platform.

You can also imagine that, once Workstation's virtualization layer is compromised, the group's next challenge will be to move on to VMware vSphere and then look towards the cloud.

As part of the contest, the event has issued a warning for contestants, stating:

"A successful entry in the contest should leverage a vulnerability to modify the standard execution path of a program or process in order to allow the execution of arbitrary instructions.

"The entry is required to defeat the target's techniques designed to ensure the safe execution of code, such as Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR), and application sandboxing. The resulting payload should be executing in an elevated context (for example, on Windows-based targets, Medium integrity level or higher)," said Gorenc.

He continued, "The vulnerability or vulnerabilities used in each attack must be unknown, unpublished, and not previously reported to the vendor. A particular vulnerability can only be used once across all categories. A successful remote attack against these targets must require no user interaction beyond the action required to browse to the malicious content and must occur within the user's session with no reboots, or logoff/logons."

The full set of rules for Pwn2Own 2016 is available here

Published Friday, February 12, 2016 4:38 PM by David Marshall