Tipping Point's Zero Day Initiative (ZDI) will be sponsoring the Pwn2Own hacking contest for the 3rd time. It will be held during the CanSecWest Security Conference March 16-20th in Vancouver, BC. Hackers are invited to crack into browsers and mobile device for the chance to win $10,000 and the actual devices along with one year of phone service if a phone is a hacked.
Device and software makers don't have to worry because, ZDI will purchase all winning
vulnerabilities and hand them
over to the affected vendors, and coordinate public disclosure.
The Zero Day Initiative will pay $5000 per browser bug, and $10,000
per mobile bug. The first person to crack any of the mobile devices
will also get to keep that device along with a one year phone
contract. The first person to crack any of the browsers will get to
keep the laptop it was running on. All winners will be asked to sign
and agree to the general ZDI Non Disclosure Agreement.The contestant may only win one prize per flaw (e.g. if he is able to pwn a
browser and a mobile device using the same flaw, he has to choose one
to go after). Winning entries against the browsers include exploits
which require no user interaction outside of a single click on a
malicious link.
Winning scenarios against the mobile devices include
attacks that can be exploited via email, SMS text, website browsing and
other general actions a normal user would take while using the device.
Physical access will not be granted to the mobile devices, and proving
successful exploitation of one of the mobile devices will be verified
by our team of hardware hacker judges on the ground at the event.
If more
than 5 people win prizes, we will offer additional "Bonus" prizes of an
extra $5,000 that will be awarded this year for Most Interesting
Browser flaw, Most Interesting Mobile Device Flaw, and Best in Show.