Google rounds up Pwnie prize to $π million for Chrome OS hacks

Google shoves Chrome OS in to the hacker spotlight.

Google has ‘rounded up’ the cash prize pool available to Pwnium 3 hacking contestants to $3.14159 million, or π, but hackers will need to break more than the browser to get a piece.

The pi-sized prize pool is just over $1 million larger than the $2 million up for grabs in its second Pwnie contest at the Hack in the Box conference last August. Back then, a young hacker who goes by the name “Pinkie Pie” took out the top level prize of $60,000 for delivering a “full Chrome exploit” on a fully patched Windows 7 machine running the latest release of Chrome.

The third round of its Pwnie competition will happen at CanSecWest conference on March 7 in Vancouver, Canada, but unlike previous competitions Chrome browser exploits are off the prize list.

Instead, hackers will need to develop attacks for Chrome OS -- the OS for Samsung and Acer low-cost Chromebooks -- and top individual prize levels have been raised from $60,000 to $150,000.

“We believe these larger rewards reflect the additional challenge involved with tackling the security defences of Chrome OS, compared to traditional operating systems,” Google Chrome Security Team member Chris Evans wrote in a blog post.

Contestants will be offered $110,000 for a successful exploit delivered by a web page that achieves a browser or system level compromise “in guest mode or as a logged-in user”. A $150,000 prize will be offered for a “compromise with device persistence -- guest to guest with interim reboot, delivered via a web page”.

Hackers will need to demonstrate their attacks against a Wifi-only model of Samsung’s Series 5 550 Chromebook running the latest stable version of Chrome OS. The current beta Chrome OS version 25.0.1364.46 was updated last week.

Chrome browser exploits will still get a showing at CanSecWest but will be run under HP’s Zero Day Initiative (ZDI) Pwn2Own title, for which Google has tipped in some cash.

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Tags PwniehacksGoogle Chrome OS

Comments

Comments are now closed

CSO Corporate Partners
  • f5
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

ZENworks® Endpoint Security Management

Get powerful mobile security capabilities, and protect the data the various mobile devices inside your organization.

Security Awareness Tip
Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.