Tianfu Cup 2020 – 5 minutes to hack Windows 10, Ubuntu iOS, VMWare EXSi, and others

Many popular OS and applications have been hacked during this year’s edition of the Tianfu Cup hacking competition.

This year’s edition of the Tianfu Cup hacking competition was very prolific, bug bounty hackers have discovered multiple vulnerabilities in multiple software and applications.

The Tianfu Cup is the most important hacking contest held in China, the total bonus of the contest this year was up to 1 million US dollars.

The third edition of the competition ended today and the winning team earned a total of $744,500.

The participants successfully tested their exploits against the following software:

• iOS 14 running on an iPhone 11 Pro
• Samsung Galaxy S20
• Windows 10 v2004 (April 2020 edition)
• Ubuntu
• Chrome
• Safari
• Firefox
• Adobe PDF Reader
• Docker (Community Edition)
• VMWare EXSi (hypervisor)
• QEMU (emulator & virtualizer)
• TP-Link and ASUS router firmware

This year fifteen teams of Chinese hackers took part in the competition, each team had three tries of five minutes to demonstrate a working exploit against a specific target.

Working exploits were already reported to software vendors that will address the vulnerabilities discovered by the experts in the coming weeks.

The team named “360 Enterprise Security and Government and (ESG) Vulnerability Research Institute,” which is part of the Chinese tech giant Qihoo 360, won the competition. The winning team earned $744,500 of the total $1,210,000 jackpot.

At the second place there is the AntFinancial Lightyear Security Lab followed by the security researcher Pang.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Tianfu Cup)

[adrotate banner=”5″]

[adrotate banner=”13″]