PWNoRAMA will take place in Singapore between 23 and 24 March and the organisers are giving a total prize money of $500,000 for hacking a number of smartphone. The top prize of $100,000 is however reserved for the crown jewel from Apple. The $100,000 will go to the hacker who can exploit iOS at its deepest kernel level through Safari browser. Target smartphones are give as below
iPhone 6s iPhone 5c Galaxy Note 5 Galaxy S6 Nexus 6P LG G4 HTC One M9 Sony Experia Z5 BlackBerry Leap Lumia 950
The prizes are as follows :
Mobile Web Browsers Safari on iPhone Safari on iPhone 6S $30,000 Safari on iPhone 5C $20,000 Chrome on Android $80,000 BlackBerry Browser $30,000 Windows Mobile Browser $30,000
Sandbox Escape / Local Privilege Escalation Chrome browser (Android) context to un-sandboxed non-root context $20,000 Chrome browser (Android) context to root context $60,000 Safari browser context to un-sandboxed context $30,000 Safari browser context to kernel (iOS) context $100,000 BlackBerry browser context to root context $30,000 Windows Mobile browser (Edge) context to Root context $40,000
WiFi (No User Interaction) $75,000
No/Minimal Interaction Remote Attacks (SMS/MMS/…) $100,000
Baseband Code execution in the baseband context $75,000 Jumping from baseband code execution context to application processor execution context $75,000
Coseinc will award $100,000 to the hacker who can compromise a target phone with little to no interaction from the user like the Stagefright vulnerability which could exploited through a specially crafted MMS message. There is a small condition to the PWNoRAMA. Coseinc will not be disclosing the hacking PoC with Apple, Google and other smartphone makers listed above until six months after the competition. Coseinc chief Thomas Lim gave the reasons as, “We are paying out in six monthly instalments to prevent the hackers from selling the same exploits to other parties after taking the prize money.” Coseinc will also be offering certain bonuses.
Performance Bonuses Reliability: If exploit runs successfully 8 or more times out of 10 tries, a bonus price of 0.4x(basic-prize) will be added on top of the basic-prize. Fast execution: If exploit finishes in under 10 seconds, a bonus price of 0.3x(basic-prize) will be added on top of the basic-prize. Generic: If exploit works on at least 3 of the listed target devices, a bonus price of 0.3x(basic-prize) will be added on top of the basic-price. Complete solution: If a complete “remote jailbreak” exploit chain is presented, a bonus price of 0.3x(basic-prize) will be added on top of the basic-prize. Remote jailbreak is the combination of Remote+Sandbox escape to root context. Baseband exploit triggered from a public network: a bonus prize of 0.4x(basic-prize) will be added on top of the basic price.
Interested, fill the registration form over here and head over to Singapore on 23rd March, 2016.