Tianfu Cup brings together China’s best hackers, who excelled in overseas hacking competitions like Pwn2Own
Hackers from China are some of the best in the world. But now that they've been discouraged by their government from participating in foreign hacking competitions, teams are instead converging on Tianfu Cup -- the country's most elite competitive cybersecurity event.
Over the weekend, teams from Qihoo 360 and others hacked into some of the world's most popular Wi-Fi routers, web browsers and other software.
The organizers of Tianfu Cup say the event is designed to be a Chinese version of Pwn2Own -- the big global hacking challenge that brings together security researchers from all over the world twice a year. Organizers include Baidu, Alibaba, Tencent, Qihoo 360 and other Chinese tech companies.
Just like Pwn2Own, the rules are simple. Researchers pick from targets preselected by the organizers. On contest day, participants use the exploits they've prepared to attack any vulnerabilities they discover. If they succeed in gaining control of their target, they win.
Competitions like this play an important role in improving cybersecurity. White hat hackers -- people who work with companies to patch security loopholes -- participate to find and expose bugs before they're discovered by malicious actors.
During this year's competition, researchers demonstrated three successful exploits on Microsoft Edge, two on Google Chrome and one on Apple's Safari. In the software category, they managed to compromise Microsoft Office 365 ProPlus and Adobe PDF Reader. They also took over routers made by D-Link and TP-Link.
A spokesperson for Tianfu Cup told ZDNet that all security flaws found will be shared with their respective vendors. Wenxiang Qian, a participant who hacked into Chrome, said he reported the bugs he found to Google.
@ SZ now.
I've reported all bugs (used on TFC and some hard-to-exploit bugs too) to Google, now they are working for the patch. :)
It's my first time to take a p2o-like event. It's an impressive experience.😁" Wenxiang Qian (@leonwxqian) November 17, 2019
China's hackers used to sweep prizes at international hacking contests. But since last year, they have been discouraged by the government from attending them, according to Chaitin Technology. The Chinese cybersecurity firm said it would instead shift its focus to "building a more secure cyberspace in China."
The development followed revealing comments from Qihoo 360 CEO Zhou Hongyi, who criticized Chinese hackers from taking part in international contests. He described security flaws as "important strategic resources" and said they "should stay inside China."
Despite the government directive, Chinese security researchers have been credited with helping American companies uncover flaws in their systems.
Tesla has thanked teams from Qihoo 360 and Tencent for reporting vulnerabilities between 2014 and 2018. And in 2017, the FBI in Alaska thanked Qihoo 360 for helping solve a criminal case involving malware that hacked into IoT devices.
Copyright (c) 2019. South China Morning Post Publishers Ltd. All rights reserved.
