Google today announced the hosting of the fourth Pwnium competition in which Google will be giving out serious cash to hackers to break/hack ARM based Chromebooks and Intel Chromebooks. Readers may note that Google had returned to sponsoring Pwnium or Pwn2Own in 2013 and the rules were changed to require full disclosure of exploits and techniques used. The 2013 Pwnium Google’s own browser Chrome in addition to Internet Explorer and Firefox, along with Windows 8 and Java, were exploited.
The Pwnium 4, will take place in the month of March 20140 at the CanSecWest security conference in Vancouver, Canada. This year’s Pwnium will focus entirely on Chrome OS. Google will be offering a huge prize money of $ 2.71828 million to all kinds of hackers, security researchers, security analysts including white hat hackers.
Google is giving Pwnium rewards for eligible Chrome OS exploits at the following levels:
$110,000 USD: browser or system-level compromise in guest mode or as a logged-in user, delivered via a web page.
$150,000 USD: compromise with device persistence: guest to guest with interim reboot, delivered via a web page.
Giving the above info in the Chromium Blog post, Jorge Lucángeli Obes, Google Security Engineer and Master of Ceremonies said that Pwnium rewards will be offered at a number of levels. Hackers who can demonstrate browser or system-level compromises in guest mode or as a logged-in user, delivered via web pages, are eligible for rewards of up to $110,000. In the next category, Google will be offering $150,000 to hackers who can find Chrome OS exploits with “device persistence,” guest-to-guest access with interim rebook and delivery via web pages.
Other than above, Google will also be offering cash rewards to hackers who devise impressive or persistent exploits, such as defeating kASLR, exploiting memory corruption in the 64-bit browser process or exploiting the kernel directly from a renderer process. To show off their hacking exploits, hackers can choose between an ARM-based Chromebook > Model HP Chromebook 11 or an Intel-based Chromebook > model Acer C720 Chromebook. Hackers have to demonstrate their wares against these devices which will be running on the most stable version of Chrome OS.
If you are a hacker, ethical hacker, white hat hacker or security and research analyst, you can send a email here. Remember you have only upto 5.00 pm PST (6.30 am IST) on 10th March 2014 to register your self. You have to agree to the standard rules and regulations of Pwnium which can be read here.
So if you have already found a bug in the Chrome OS run Chromebook you can give it a try.
