Pwn2Own is a hacking contest sponsored by the HP Digital Vaccine Labs (HP DVL), which is a research organization specializing in the analysis of security vulnerabilities. The objective of the contest is to help vendors develop patches for better security, as well as filters for better customer protection. HP’s Converged Infrastructure focuses on advanced data protection in the integration of data center technologies towards improved flexibility and scalability, in the cloud computing world.
In a statement, Dan Holden, director of HP DVL, said that sponsoring the Pwn2Own contest for the fifth consecutive year enables HP to remain on the leading edge of the security industry. This helps them to offer clients unique protection against malicious attacks. This year, the Pwn2Own contest covered Microsoft Internet Explorer, Apple Safari, Mozilla Firefox and Google Chrome as well as 4 mobile devices, including the Dell Venue Pro, Apple iPhone, Blackberry 9800 and Nexus S.
Interestingly the Pwn2Own contest, found its beginnings to challenge the fact that Apple’s products were immune to viruses and other computer attacks, way back in 2007. The CanSecWest computer security conference decided to host a hacking contest to prove that Apple products are also vulnerable. A cash prize of $10,000 was on offer plus a MacBook for any hacker who could break into a new fully patched MacBook. Vulnerabilities so found in this contest would be provided with all details to the manufacturer / vendor to develop the required security patches to take care of the same.
The 2008 contest had three targets – a MacBook Air running Leopard OS, a laptop running Windows Vista and a laptop running Ubuntu Linux. This time the MacBook and Windows Vista were hacked, keeping the Ubuntu intact. The 2009 contest had one more addition, namely the smartphones. Here, the Mac OS was exploited through both, Safari and Mozilla Firefox, Internet Explorer 8 on Windows Vista also, but the smartphones remained unaffected.
2010 saw Safari running Snow Leopard on the Mac fail, Mozilla Firefox on Windows 7 also failed, and Internet Explorer 8 (IE 8) on Windows 7 was also exploited. The only browser that was not defeated was the Google Chrome. The iPhone again using Safari was also hacked. All this over the years proved that the Mac OS X, although being secure, is safer but not really any more secure than the Windows OS.
The 2011 Pwn2Own contest again saw the Apple Safari browser, and the IE 8, getting hacked. The Safari on a fully patched Mac OS X 10.6.6 MacBook was hacked. IE 8 on a 64-bit Windows 7 Service Pack 1 using three separate vulnerabilities also went down. The Google Chrome OS hacker scheduled to exploit the CR 48 Chrome OS Notebook did not show up at the venue.
In the smartphone category, the iPhone 4 and the RIM Blackberry Torch 9800 succumbed to the hackers’ onslaught. The contest seems to be an interesting venture – testing the hacker, providing the vulnerability to the manufacturer, and making the IT world more secure.