Google offers nearly $3 million in rewards for Pwnium hackathon

It’s time to showcase your security skills again! Google has announced its Pwnium 4 competition, offering a total of $2.71828 million in prizes for anyone who can crack open its browser-based operating system, Chrome OS.

In a blog post, Jorge Lucángeli Obes, Google Security Engineer and Master of Ceremonies said that Pwnium rewards will be offered for eligible Chrome OS exploits at a number of levels.

• $110,000 USD: browser or system-level compromise in guest mode or as a logged-in user, delivered via a web page.
• $150,000 USD: compromise with device persistence: guest to guest with interim reboot, delivered via a web page.

Also this year, the search giant has announced “significant bonuses for demonstrating a particularly impressive or surprising exploit”. Potential examples include defeating kASLR, exploiting memory corruption in the 64-bit browser process or exploiting the kernel directly from a renderer process.

In previous competitions, Pwnium focused on Intel-based Chrome OS devices. But this year, security researchers can choose between an ARM-based Chromebook, the HP Chromebook 11 (WiFi), or the Acer C720 Chromebook (2GB WiFi) that is based on the Intel Haswell microarchitecture for hacks.

The attack must be demonstrated against one of these devices running the then-current stable version of Chrome OS.

It is worth mentioning here that no exploits for Chrome OS were found in 2013.

Google says that standard Pwnium rules apply, “the deliverable is the full exploit, with explanations for all individual bugs used (which must be unknown); and exploits should be served from a password-authenticated and HTTPS-supported Google App Engine URL.”

Those of you interested in registering for the contest can do so by sending an e-mail to [email protected] before 5:00 PM PST, March 10th.

Leave a Reply