In total, ethical hackers earned $1.2 million in the bug bounty competition.
Bug bounty programs are among the most lucrative incentives for ethical hackers, and they pay out very good sums.
The 2020 Tianfu Cup International PWN Contest was recently held in China, as usual, and hackers cashed in over $1.2 million for their vulnerability discoveries.
Targets included products from tech giants Apple, Samsung, ASUS and TP-Link, along with other tech groups such as Mozilla and Ubuntu.
The competition was structured in a way that each team got 3 attempts to hack the given target in only 5 minutes – an impressive feat to say the least.
Up to 15 teams participated, and 8 of them bagged rewards; a firm named Qihoo 360 earned the most, a total of $744,500.
Their exploits were varied; the following are a few:
- Enabling Remote Code Execution (RCE) in Google Chrome using a sandbox escape – $100,000
- Enabling RCE in an iPhone 11 Pro running iOS 14 using a sandbox escape – $180,000
- Enabling RCE in a Samsung Galaxy S20 with the help of root privileges – $80,000
- Finding a vulnerability in Mozilla Firefox – $40,000
- Finding a vulnerability in QEMU (a virtual machine and emulator) – $60,000
- Finding a vulnerability in Adobe Reader – $18,000
- Hacking Windows 10 & CentOS 8 – $40,000
However, despite this, the top prize went to another team, which hacked an iPhone with a jailbreak and got $300,000 for it.
Many other participants also won prizes, as is usual with such contests.
Such contests not only help and motivate the hacking community but are also crucial in making tech companies understand the vulnerabilities in their systems that their own security teams left undiscovered.
This way, they can use the knowledge gained to improve their internal practices. Going forward, we will see patches rolled out for all the disclosed vulnerabilities, a usual practice to ensure user security.