Google Offering $20K for Chrome Pwn2Own Hack

News
By Jane McEntegart
published

It’s that time of year again!

CanSecWest takes place on March 9 and as usual, there’ll be the annual Pwn2Own hacking contest. However, this year there’s a new platform on the block -- Google’s Chrome OS -- and the search giant is happy to encourage participants to give it all they’ve got. ZDNet reports that Mountain View is offering a prize of $20,000 for the first person to crack its Chrome OS notebook via a vulnerability and sandbox escape in the Chrome browser.

As for other OSes, CanSecWest is also offering cash prizes for those who successfully exploit previously unpublished browser flaws to remotely launch code against 64-bit Windows 7 or Mac OS X machines. IT Business Edge puts these prizes at $15,000 a piece and reports that Nokia’s Symbian has been dropped from the program this year.

For the last three years running, Charlie Miller has been the first to break Safari (in 2009 he hacked it in 10 seconds). At Pwn2Own 2010, Peter Vreugdenhil, an independent researcher, exploited two vulnerabilities in IE8 to break into a machine running a fully patched version of 64-bit Windows 7. A contestant named only as Nils broke through Firefox, also running 64-bit Windows 7.

Get Google Chrome from our downloads section.

Sources:
ZDNet
IT Business Edge
Tom’s Hardware

Jane McEntegart
24 Comments Comment from the forums
  • joytech22
    It would suck if somebody managed to get into the netbook in under 5 minutes especially for Google.

    I wonder how long (or if they can) it will take to hack it :o
    Reply
  • Judguh
    There's no if. 'Will' sounds more like it.
    Reply
  • joelmartinez
    This is just gonna make the Google sad, they are gonna get pwn'd easy
    Reply
  • Blessedman
    It is funny that you can go out and hire the best programmers in the world. Hire a ton more engineers and have them all collaborate on a secure system and it will take someone with no degrees or certs 10 minutes to take complete control of a supposed secured network device. Having said that, I am going to go way way out on a limb and say that Google will not give away any money this round.
    Reply
  • palladin9479
    Well its the different mindsets involved. Paid for systems designers and engineers / programmers tend to think inside-the-box. Even their "outside the box" ideas are just using a bigger box then previously available. Its the side effects of an organized structured mind. World class hackers tend to have very unorganized unstructured minds, even though they can be very methodical their methods and tactics are usually creative and unorthodox. They try things no one else would think to do in ways no one would think were possible.
    Reply
  • amnotanoobie
    BlessedmanIt is funny that you can go out and hire the best programmers in the world. Hire a ton more engineers and have them all collaborate on a secure system and it will take someone with no degrees or certs 10 minutes to take complete control of a supposed secured network device. Having said that, I am going to go way way out on a limb and say that Google will not give away any money this round.
    They don't hack it in 10 minutes. They research prior to Pwn2Own, some take days, some months to find just one bug in the huge number of libraries and runtimes.

    Today's software are more complex, a lot more functionality is expected thus more things could go wrong.
    Reply
  • FloKid
    Wow, 20 years to learn how to crack and all you get is 30k??? That must be a typo :- )
    Reply
  • zerapio
    BlessedmanIt is funny that you can go out and hire the best programmers in the world. Hire a ton more engineers and have them all collaborate on a secure system and it will take someone with no degrees or certs 10 minutes to take complete control of a supposed secured network device. Having said that, I am going to go way way out on a limb and say that Google will not give away any money this round.Charlie Miller has a PhD in Mathematics. I'm going to go way out on a limb and say that counts as a degree.
    Reply
  • beruli
    If I were Google, I would offer $20,000 to hack my system, could you imagine what it costs them to find security flaws and holes in the system. There going to have hackers all over the world trying to hack their system for a wad of cash and then Google will turn around and fix them for a mere $20,000, money well spent if you ask me.
    Reply
  • iamtheking123
    So the going rate is $20k per single bug...yeah that's a good system *eye roll* Anyways why bother saying Charlie did a hack in 10 seconds? It's not like he actually sat down and discovered the exploit in 10 seconds, it just too him 10 seconds to hit play.
    Reply