id2957383castle538722100600887orig
Security

Pwn2Own hacking contest ends with two virtual machine escapes

Two teams of researchers managed to win the biggest bounties at this year's Pwn2Own hacking contest by escaping from the VMware Workstation virtual machine and executing code on the host operating system.

Virtual machines are in used in many scenarios to create throw-away environments that pose no threat to the main operating system in case of compromise. For example, many malware researchers execute malicious code or visit compromise websites inside virtual machines to observe their behavior and contain their impact.

One of the main goals of hypervisors like VMware Workstation is to create a barrier between the guest operating system that runs inside the virtual machine and the host OS where the hypervisor runs. That's why VM escape exploits are highly prized, more so than browser or OS exploits.

This year, the organizers of Pwn2Own, an annual hacking contest that runs during the CanSecWest conference in Vancouver, Canada, offered a prize of US$100,000 for breaking the isolation layer enforced by the VMware Workstation or Microsoft Hyper-V hypervisors.

Friday, on the third and final day of the contest, two teams stepped up to the challenge; both of them from China.

Team Sniper, made up of researchers from the Keen Lab and PC Manager divisions of internet services provider Tencent, chained together three vulnerabilities to escape from the guest OS running inside VMware Workstation to the host OS.

The other team, from the security arm of Qihoo 360, achieved an even more impressive attack chain that started with a compromise of Microsoft Edge, moved to the Windows kernel, and then escaped from the VMware Workstation virtual machine. They were awarded $105,000 for their feat.

The exploit scenarios were difficult to begin with, because attackers had to start from a non-privileged account on the guest OS, and the VMware Tools, a collection of drivers and utilities that enhance the virtual machine's functionality, were not installed. VMware Tools would have probably provided more attack surface had they been present.

Also on the third day, researcher Richard Zhu successfully hacked Microsoft Edge, complete with a system-level privilege escalation that earned him $55,000. It was fifth Microsoft Edge exploit demonstrated during the competition.

Apple's Safari fell four times, Mozilla Firefox once, but Google Chrome remained unscathed. Researchers also demonstrated two exploits for Adobe Reader and two for Flash Player, both with sandbox escapes. The contest also included many privilege escalation exploits on Windows and macOS.

The Qihoo 360 team won the most number of points and were crowned Master of Pwn for this year's edition. It was followed by Tencent's Team Sniper and a team from the security research lab of China-based Chaitin Technology.

The researchers have to share their exploits with security vendor Trend Micro, the contest's organizer, which then reports them to the affected software vendors.

IDG Insider

PREVIOUS ARTICLE

« Russia will strike US elections again, FBI warns

NEXT ARTICLE

Google finally lets you save your parking spot in latest Maps beta »
author_image
IDG News Service

The IDG News Service is the world's leading daily source of global IT news, commentary and editorial resources. The News Service distributes content to IDG's more than 300 IT publications in more than 60 countries.

  • Mail

Recommended for You

Future-proofing the Middle East

Keri Allan looks at the latest trends and technologies

FinancialForce profits from PSA investment

Martin Veitch's inside track on today’s tech trends

Amazon Cloud looms over China: Bezos enters Alibaba home ground

Lewis Page gets down to business across global tech

Poll

Do you think your smartphone is making you a workaholic?