Google Prepares $2.7M / €2M for Those Who Hack Chrome OS at Pwnium 4


Pwnium 4 participants can demonstrate their exploits on Acer C720 Chromebook or  HP Chromebook 11

Google has announced that the fourth edition of the Pwnium contest will take place in March at the CanSecWest security conference. The search engine giant has prepared a total of $2.71828 million (€2 million) for those who manage to hack Chrome OS.

Pwnium 4 will focus on Chrome OS. Anyone who finds a “browser or system-level compromise in guest mode or as a logged-in user, delivered via a web page” will be rewarded with $110,000 (€80,000). Contestants will be rewarded with $150,000 (€109,000) for “compromise with device persistence: guest to guest with interim reboot, delivered via a web page.”

Unlike previous editions of Pwnium, this time, Google is also prepared to hand out bonuses for particularly impressive or surprising exploits. Exploiting the kernel directly from the renderer process, exploiting memory corruption in the 64-bit browser process, or defeating the kASLR fall into this category.

Participants will also be allowed to choose between the Acer C720 Chromebook (Intel Haswell) and HP Chromebook 11 (ARM). Up until Pwnium 4, the competition focused on Intel-based Chrome OS devices.

“Any software included with the default installation may be used as part of the attack,” Google Security Engineer Jorge Lucángeli Obes explained.

“For those without access to a physical device, the Chromium OS developer’s guide offers assistance on getting up and running inside a virtual machine, but note that a virtual environment might differ from the physical devices where the attack must be demonstrated.”

Those who want to participate must register by sending an email to security@chromium.org until March 10, 2014, 5:00 PM PST.

And in case you’re wondering why the total prize money is $2.71828 million, it’s because 2.71828 is the approximate value of the “e” mathematical constant.

The official rules are available on chromium.org.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s