Pwn2Own is a hacking contest organized in Vancouver, Canada this week and this edition came with a surprising victory for a group of Chinese hackers: they “broke” Internet Explorer 11 in only 17 seconds. That’s most likely a world record, as nobody has ever hacked the rather secure systems the organizers put into Internet Explorer so fast ahead of the contest. 360Vulcan Team didn’t take away the unicorn prize of the contest with their hacking skills, but they did manage to gain a lot of attention from organizers for their feat.
Internet Explorer 11 was protected with enhanced sandbox, a full 64 bit process, EMET (Microsoft’s Enhanced Mitigation Experience Toolkit), the security mechanisms of Windows 8.1 and more. The 360Vulcan team managed to bypass all these measures and hack Internet Explorer after 17 seconds, which is remarkable. Although hacking might not be the most praised job right now, it certainly has its benefits and many developers can learn about how software works and how it is protected with hacking contests such as Pwn2Own.
The competition focuses on teams that try to hack internet browsers and they can choose from Internet Explorer, Safari, Mozilla Firefox and Google Chrome. Hackers can also work on Adobe Flash and Adobe Reader plugins if they want to. According to the contest organizers, Google Chrome and Internet Explorer are the most difficult browsers to hack right now, and that is why the 360Vulcan team is praised after the competition.
The aim behind Pwn2Own, besides hackers learning how to hack, is to demonstrate to companies like Microsoft and Google which are the security flaws that still need work to be done on them. The emphasis on security and the development of protective protocols and software design is something that the organizers of the competition are very passionate about.
To be fair, it’s no wonder that 360Vulcan managed to hack Internet Explorer so fast, since they are collaborators of the Microsoft security team working on the browser. They’ve been reporting issues to the Redmond-based company for more than 5 years now, and the company they work for, 360 Safeguard has already launched their own security-oriented app called XP Shield.