PWNoRAMA competition will offer $100,000 for hacking iPhone 6s and $400,000 for other hacks
White hat hackers and security researchers love hacking competition. Not only does it give them a opportunity to showcase their talent, it also pays them good prize money. This competition may be the biggest as far as prize money is concerned. Coseinc has announced a hacking competition,PWN0RAMA for them.
PWNoRAMA will take place in Singapore between 23 and 24 March and the organisers are giving a total prize money of $500,000 for hacking a number of smartphone. The top prize of $100,000 is however reserved for the crown jewel from Apple. The $100,000 will go to the hacker who can exploit iOS at its deepest kernel level through Safari browser.
Target smartphones are give as below
- iPhone 6s
- iPhone 5c
- Galaxy Note 5
- Galaxy S6
- Nexus 6P
- LG G4
- HTC One M9
- Sony Experia Z5
- BlackBerry Leap
- Lumia 950
The prizes are as follows :
- Mobile Web Browsers
- Safari on iPhone
- Safari on iPhone 6S $30,000
- Safari on iPhone 5C $20,000
- Chrome on Android $80,000
- BlackBerry Browser $30,000
- Windows Mobile Browser $30,000
- Safari on iPhone
- Sandbox Escape / Local Privilege Escalation
- Chrome browser (Android) context to un-sandboxed non-root context $20,000
- Chrome browser (Android) context to root context $60,000
- Safari browser context to un-sandboxed context $30,000
- Safari browser context to kernel (iOS) context $100,000
- BlackBerry browser context to root context $30,000
- Windows Mobile browser (Edge) context to Root context $40,000
- WiFi (No User Interaction) $75,000
- No/Minimal Interaction Remote Attacks (SMS/MMS/…) $100,000
- Code execution in the baseband context $75,000
- Jumping from baseband code execution context to application processor execution context $75,000
Coseinc will award $100,000 to the hacker who can compromise a target phone with little to no interaction from the user like the Stagefright vulnerability which could exploited through a specially crafted MMS message.
There is a small condition to the PWNoRAMA. Coseinc will not be disclosing the hacking PoC with Apple, Google and other smartphone makers listed above until six months after the competition.
Coseinc chief Thomas Lim gave the reasons as, “We are paying out in six monthly instalments to prevent the hackers from selling the same exploits to other parties after taking the prize money.”
Coseinc will also be offering certain bonuses.
- Performance Bonuses
- Reliability: If exploit runs successfully 8 or more times out of 10 tries, a bonus price of 0.4x(basic-prize) will be added on top of the basic-prize.
- Fast execution: If exploit finishes in under 10 seconds, a bonus price of 0.3x(basic-prize) will be added on top of the basic-prize.
- Generic: If exploit works on at least 3 of the listed target devices, a bonus price of 0.3x(basic-prize) will be added on top of the basic-price.
- Complete solution: If a complete “remote jailbreak” exploit chain is presented, a bonus price of 0.3x(basic-prize) will be added on top of the basic-prize. Remote jailbreak is the combination of Remote+Sandbox escape to root context.
- Baseband exploit triggered from a public network: a bonus prize of 0.4x(basic-prize) will be added on top of the basic price.
Interested, fill the registration form over here and head over to Singapore on 23rd March, 2016.