Trend Micro’s Zero Day Initiative encourages zero-day disclosure in latest mobile devices
DALLAS--(BUSINESS WIRE)--In the continued effort to thwart malicious attacks against consumers and enterprises, Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global leader in cybersecurity solutions, today announced the Zero Day Initiative’s Mobile Pwn2Own contest. This year’s event will take place Nov. 1-2, during the PacSec 2017 Conference in Tokyo, Japan. The contest rewards security researchers for demonstrating and disclosing zero-day attacks on the latest and most popular mobile devices.
Contestants will be awarded cash and prizes during the competition for vulnerabilities and exploitation techniques against the most up-to-date patches in popular mobile platforms. This year’s targets include the Apple iPhone 7, Samsung Galaxy S8, Google Pixel and Huawei Mate9 Pro. Following the contest, vendors will have 90 days to produce patches for these bugs, instead of the standard 120-day disclosure window. This reflects the integrity of successful exploits produced during the contest. As these are practical vulnerabilities with demonstrated applications, a shortened patch window helps provide quicker protection for the end user against potentially damaging bugs.
“This contest embodies Trend Micro’s leadership in encouraging and facilitating the discovery of zero-day vulnerabilities,” said Mike Gibson, vice president of threat research for Trend Micro. “Rewarding responsible disclosure of these bugs promotes our overarching goal of making everyone safer online. Researchers participating in the contest gain notoriety and can win a significant amount of money, and vendors are given the opportunity to patch zero-day vulnerabilities that might have otherwise wreaked havoc on their systems.”
To emphasize the importance of vigilance against these threats and responsible disclosure, this year’s event offers larger prizes than ever before, with a prize pool of more than US$500,000. The contest consists of four categories: browsers, short distance and WiFi, messaging, and baseband, which is returning this year. A complete list of targets and prizes is below:
| Categories | Target | Cash Prize | Master of Pwn Points |
|---|---|---|---|
| Browser | Chrome | $50,000 (USD) | 10 |
| Browser | Safari | $40,000 (USD) | 10 |
| Browser | Samsung Internet Browser | $30,000 (USD) | 8 |
| Short Distance and WiFi | Bluetooth | $40,000 (USD) | 8 |
| Short Distance and WiFi | NFC | $50,000 (USD) | 8 |
| Short Distance and WiFi | WiFi | $60,000 (USD) | 8 |
| Messaging | SMS | $60,000 (USD) | 12 |
| Messaging | MMS | $60,000 (USD) | 12 |
| Baseband | * | $100,000 (USD) | 20 |
In addition to the standard categories and prizes, there are add-on bonuses for executing code with kernel privileges and having the payload persist after a reboot. These bonuses will help contestants reach the coveted title, “Master of Pwn,” by adding points to their running total from each successful exploit.