Trend Micro’s Zero Day Initiative (ZDI) on this week announced the forthcoming Pwn2Own Vancouver 2021 hacking competition that will take place on April 6-8.
The organizers provided information about the targets, prizes and rules for the competition.
Due to the ongoing COVID-19 pandemic, the event this year will be hybrid in the format, participants will submit their exploits remotely and the ZDI staff in Toronto (Canada) and Austin (Texas) will verify their efficiency.
People interested in the event can follow it through live streaming on YouTube and Twitch.
This year the overall prize pool is greater than $1.5 million in cash.
“As the workforce moves out of the office and goes remote, the tools needed to support that change become greater targets. That’s one reason we added this new category and teamed up with Zoom to have them in the contest. Microsoft Teams will also be a target. A successful demonstration of an exploit in either of these products will earn the contestant $200,000 – quite the payout for a new category.” reads the announcement published by ZDI. “Tesla returns for this year’s contest but driving off with a brand-new Model 3 will be more of a challenge this year. Of course, that means the rewards are greater as well, with the top prize going for $600,000 (plus the car itself).”
Other prizes include a Tesla Model 3 that will be assigned to participants that be involved in the hacking of vehicles. The hack of a Tesla could be awarded up to $600,000 to completely take over the vehicle.
The participants could be involved in the demonstration of working exploits for one of the following categories:
The novelty is represented by the “enterprise communications category,” participants can earn up to $200,000 for demonstrating working exploits against Zoom or Microsoft Teams platforms.
“Our newest category focuses on tools that we have come to rely on as we evolved into a remote workforce. Zoom has become a partner for their inaugural Pwn2Own, and we’re happy to have them on board.” continues the announcement.
“A successful attempt in this category must compromise the target application by communicating with the contestant. Example communication requests could be audio call, video conference, or message,”
Participants can earn up to $250,000 for demonstrating exploits in Microsoft Hyper-V client under the virtualization category, or up to $150,000 for Chrome and Edge exploits under the web browser category.
The maximum prize for exploits under the enterprise application category is $100,000 for Microsoft 365 exploits, while the prize for exploits under the server category is up to $200,000 for Microsoft Exchange and Windows RDP exploits.
Other information is available here.
At last year’s event, the first edition of Pwn2Own affected by the pandemic, white hat hackers only earned a total of $270,000 for their exploits.
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
(SecurityAffairs – hacking, Pwn2Own 2021)