China’s top hackers have gathered this weekend in the city of Chengdu to compete in the Tianfu Cup, the country’s top hacking competition. Over the course of two days — November 16 and 17 — Chinese security researchers will test zero-days against some of the world’s most popular applications. The goal is to exploit and take over an app using never-before-seen vulnerabilities. If attacks succeed, researchers earn points towards an overall classification, cash prizes, but also the reputation that comes with winning a reputable hacking competition. The Tianfu Cup’s rules are identical to what we see at Pwn2Own, the world’s largest hacking contest. The two events are more tied than most people know. Prior to 2018, Chinese security researchers dominated Pwn2Own, with different teams winning the competition years in a row. Now, all that talent is going against one another. In the spring of 2018, the Chinese government barred security researchers from participating in hacking contests organized abroad, such as Pwn2Own. The TianfuCup was set up a few months later, as a response to the ban, and as a way for local researchers to keep their skills sharp. The first edition was held in the fall of 2018 to great success, with researchers successfully hacking apps like Edge, Chrome, Safari, iOS, Xiaomi, Vivo, VirtualBox, and more.
Submitted by: Arnfried Walbrecht