Google offers over $3M for breaking Chrome OS
Posted on 29 January 2013.
With $3.14159 prize pool and a completely new target, Google's Pwnium contest has become an even greater challenge for security researchers out to make a buck from their knowledge and efforts.

The third iteration of the hacking contest is to be held during the CanSecWest security conference taking place March 6-8 in Vancouver, BC.

As one of the targets of HP’s ZDI Pwn2Own contest is Google's Chrome browser, the company has decided to make its relatively new Chrome OS the main focus of Pwnium.

Successful competitors cam look forward to $110,000 prizes for a browser or system level compromise in guest mode or as a logged-in user, delivered via a web page, or $150,000 for a compromise with device persistence - guest to guest with interim reboot, delivered via a web page.

"The attack must be demonstrated against a base (WiFi) model of the Samsung Series 5 550 Chromebook, running the latest stable version of Chrome OS. Any installed software (including the kernel and drivers, etc.) may be used to attempt the attack," shared Google security researcher Chris Evans.

Researchers are required to deliver the full exploit plus accompanying explanation and breakdown of individual bugs used. For partial, incomplete or unreliable exploits they will be awarded only partial rewards.

"We believe these larger rewards reflect the additional challenge involved with tackling the security defenses of Chrome OS, compared to traditional operating systems," added Evans.


Pen-testing drone searches for unsecured devices

You're sitting in an office, and you send a print job to the main office printer. You see or hear a drone flying outside your window. Next thing you know, the printer buzzes to life and, after spitting out your print job, it continues to work and presents you with more filled pages than you expected.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Oct 9th