/vnd/media/agency_attachments/bGjnvN2ncYDdhj74yP9p.png)
/vnd/media/post_banners/wp-content/uploads/2015/07/cyberattack_1805164b.jpg)
BENGALURU: Japanese cybersecurity company, Trend Micro has announced its 2017’s edition of Mobile Pwn2Own competition which will be held at this year’s PacSec security conference in Tokyo on November 1st and 2nd, 2017.
It’s going to be the sixth annual Pwn2Own competition, in which security researchers will be given the task of finding out vulnerabilities in popular mobile devices and reporting them in exchange for financial rewards.
The company will be offering $500,000 to be won by the security experts depending on the type of exploit they find. For instance, Mobile safari exploits are worth up to $40,000 and a SMS-based vulnerability could be worth $60,000.
There are also additional cash bonus of between $20,000 and $50,000 for executing code with kernel privileges and if the payload remains into an Operating system even after the system has rebooted.
This year's targeted device will be mainly focused on Apple’s iPhone 7 and 7 Plus, Google Pixel and Pixel XL, Samsung Galaxy S8 and Huawei’s Mate9 Pro. All of these devices will be running the latest version of iOS or Android respectively with up-to-date security patches installed.
If an individual succeeds in finding a vulnerability in any one the device, it will be then on the latest version of the Operating system and relevant to the manufacturer.
Commenting on this announcement, Ankush Johar, Director at BugsBounty.com, A crowd-sourced security platform for ethical hackers and organizations, said, “A Bug Bounty program is crowd sourcing of a defensive nature. This hunt for Zero-Days is offensive crowd sourcing of security vulnerabilities. Crowdsourced security is the ultimate solution for finding any possible security bug whether defensive or offensive, like in this case.”
Johar further said, “Though firms that are willing to sell 0-days for these mobile devices to surveillance agencies are offering up to $1.5 million to researchers, these vendors themselves are are hardly offering a fraction of that amount. This shows a discrepancy between the demand of 0-days in the market and the amount that vendors are willing to pay for securing their products. The $1.5 million offer for keeping the 0-day out of reach of the vendors highlights the heightened market demand for such security exploits.”