
GeekPwn 2016 Hackers Highlight Vulnerabilities of Leading Smart Devices

2016-11-07 17:04 1821

SHANGHAI, Nov 7, 2016 /PRNewswire/ -- Smart devices and game engines used by millions of consumers, including Valve Source, Huawei P9 Lite and PlayStation 4, were Pwned (hacked) by Chinese and overseas security geeks at GeekPwn 2016, a hacking festival organized by advanced security engineering company KEEN and held simultaneously in Shanghai (China) and Silicon Valley (United States).

Photo - https://photos.prnewswire.com/prnh/20161107/436610

A total of 58 top security geeks from countries including China, the United States, Russia and Singapore attended GeekPwn 2016, among them world-class OpenAI scientist Ian Goodfellow, legendary hacker Geohot, well-known CTF team Shellphish and other famous names in the information security community.

A group of talented, imaginative and highly skilled white-hat hackers, they used GeekPwn 2016 to try to access or control various devices, reveal vulnerabilities and bugs, and warn related firms to fix them.

Pwn: hacking with imagination and code

Smart devices were found less secure than previously thought at GeekPwn 2016, even though they were developed by big companies and used by millions of consumers.

Valve Source, a top game engine used by popular games like Dota 2, Counter-Strike: Global Offensive and Team Fortress 2, was Pwned by geek Amat Cama. The attack results in remote code execution on the target machine and compromises any ongoing games, without touching devices or knowing users' accounts. The vulnerabilities may impact millions of game players globally, as these games are played by over 10 million people every month.

GeekPwn 2016's top prize of RMB350,000 went to Nick Stephens from Shellphish, who discovered a chain of bugs in the Trust Zone of Huawei P9 Lite. Nick's exploit successfully gained root privileges on the phone and executed remote code in Huawei's Trusted Execution Environment. With these vulnerabilities, hackers may be able not only to access sensitive data in Trust Zone, but also to take control of top-authority operations like payment.

These vulnerabilities can also be leveraged to exploit other models of the Huawei P-series including Huawei P8. Any Huawei devices using the Trust Zone code are likely vulnerable.

Integration between Trust Zone and fingerprint recognition was considered top-level smartphone security, but if hackers could fully exploit these vulnerabilities, the Trust Zone security would no longer make sense.

The vision of AI security at GeekPwn

Geohot, the legendary and controversial geek, the founder and CEO of Comma.ai, stood out in particular on the GeekPwn 2016 stage. Geohot said that AI is just a concept and far from reality in daily life right now. But AI is going to bring great and exciting achievements in the near future, especially for the self-driving car, which makes AI security an essential topic today.

At the GeekPwn 2016 Silicon Valley session, OpenAI scientist Ian Goodfellow and Google Brain researcher Alexey Kurakin shared their latest research on "Adversarial examples in the physical world", which can cheat machine learning easily. AI security expert and Stanford graduate Clarence Chio brought a demo of "Adversarial machine learning in practice" based on the Deep-Pwning framework. These findings can "cheat" machine learning systems like image classification and malicious program filter services, and lead machine learning systems to make mistakes.

Hundreds of high-risk vulnerabilities have been found and reported to smart device vendors since the GeekPwn event debuted three years ago. Several hundred geeks have attended GeekPwn festivals to date, winning a total of to RMB10 million.

About GeekPwn 2016

GeekPwn is a technology exchange platform and international community for safeguarding the systems, software and protocols of various smart devices. Security geeks with talent and imagination are encouraged to pwn (hack) devices and win prizes.

The most distinctive characteristics of GeekPwn 2016 are its open mind and its rich variety of pwn targets. Unlike the Pwn2Own contest, which is limited to computers or mobile phones, on the GeekPwn stage geeks may pwn any software or hardware of smart devices. Geeks are welcome at GeekPwn if they are able to take control or obtain data without authorization under reasonable, realistic conditions (original device without tampering, pre-implanted trojan or certain pre-granted privilege), targeting software and protocols of mobile phones, smart devices, internet of things, new I/O modules (gesture capture, VR, AR), AI-featured modules and services (chatting robot, visual recognition and voice recognition) etc.

KEEN: the Organizer of GeekPwn

KEEN focuses on helping leading software companies worldwide to adopt advanced security engineering methodologies and to discover and fix security vulnerabilities. In the past years, KEEN has discovered and reported hundreds of high-risk vulnerabilities to Microsoft, Apple and Google.

KEEN is the first Asian team to win prizes in the history of Pwn2Own. It has also won more Pwn2Own prizes than any other Asian team. Up to now, hundreds of KEEN's security outcomes have been applied to every Windows PC, every Apple device and every Android device.

To view the original version on PR Newswire, visit: http://www.prnewswire.com/news-releases/geekpwn-2016-hackers-highlight-vulnerabilities-of-leading-smart-devices-300358190.html

Source: KEEN