Pwn2Own hacking contest ends with two virtual machine escapes
Security

Pwn2Own hacking contest ends with two virtual machine escapes

Two teams of researchers managed to win the biggest bounties at this year's Pwn2Own hacking contest by escaping from the VMware Workstation virtual machine and executing code on the host operating system.

Virtual machines are in used in many scenarios to create throw-away environments that pose no threat to the main operating system in case of compromise. For example, many malware researchers execute malicious code or visit compromise websites inside virtual machines to observe their behavior and contain their impact.

One of the main goals of hypervisors like VMware Workstation is to create a barrier between the guest operating system that runs inside the virtual machine and the host OS where the hypervisor runs. That's why VM escape exploits are highly prized, more so than browser or OS exploits.

This year, the organizers of Pwn2Own, an annual hacking contest that runs during the CanSecWest conference in Vancouver, Canada, offered a prize of US$100,000 for breaking the isolation layer enforced by the VMware Workstation or Microsoft Hyper-V hypervisors.

Friday, on the third and final day of the contest, two teams stepped up to the challenge; both of them from China.

Team Sniper, made up of researchers from the Keen Lab and PC Manager divisions of internet services provider Tencent, chained together three vulnerabilities to escape from the guest OS running inside VMware Workstation to the host OS.

The other team, from the security arm of Qihoo 360, achieved an even more impressive attack chain that started with a compromise of Microsoft Edge, moved to the Windows kernel, and then escaped from the VMware Workstation virtual machine. They were awarded $105,000 for their feat.

The exploit scenarios were difficult to begin with, because attackers had to start from a non-privileged account on the guest OS, and the VMware Tools, a collection of drivers and utilities that enhance the virtual machine's functionality, were not installed. VMware Tools would have probably provided more attack surface had they been present.

Also on the third day, researcher Richard Zhu successfully hacked Microsoft Edge, complete with a system-level privilege escalation that earned him $55,000. It was fifth Microsoft Edge exploit demonstrated during the competition.

Apple's Safari fell four times, Mozilla Firefox once, but Google Chrome remained unscathed. Researchers also demonstrated two exploits for Adobe Reader and two for Flash Player, both with sandbox escapes. The contest also included many privilege escalation exploits on Windows and macOS.

The Qihoo 360 team won the most number of points and were crowned Master of Pwn for this year's edition. It was followed by Tencent's Team Sniper and a team from the security research lab of China-based Chaitin Technology.

The researchers have to share their exploits with security vendor Trend Micro, the contest's organizer, which then reports them to the affected software vendors.

IDG Insider

PREVIOUS ARTICLE

«Russia will strike US elections again, FBI warns

NEXT ARTICLE

Google finally lets you save your parking spot in latest Maps beta»
author_image
IDG Connect

IDG Connect tackles the tech stories that matter to you

Add Your Comment

Most Recent Comments

Our Case Studies

IDG Connect delivers full creative solutions to meet all your demand generatlon needs. These cover the full scope of options, from customized content and lead delivery through to fully integrated campaigns.

images

Our Marketing Research

Our in-house analyst and editorial team create a range of insights for the global marketing community. These look at IT buying preferences, the latest soclal media trends and other zeitgeist topics.

images

Poll

Will Kotlin overtake Java as the most popular Android programming language in 2018?