Google once again scheduled its yearly tap into the dark side of computer technology today, when it announced its fourth annual Pwnium (pronounced ponium). Pwnium is an event which is designed to bring together hackers from all over the world, in an attempt to break Google Chrome OS from the inside. It is scheduled to take place in March of this year at the CanSecWest conference in Vancouver, Canada.
Pwnium derives its origins from another, more popular and well known hacking competition known as Pwn2own, where hackers come from around the world to show off their dark arts, and win cash prizes for it. However, no prize at Pwn2Own has ever equaled the $2.7 million in cash prizes Google is putting up for grabs this year. Last year’s prize total was estimated at $3.14 million. Only $40,000 was ultimately awarded to the competitors last year, who had to crack a Chromebook using only an Intel processor.
This year, hackers will have more options and more challenges to work with. They will be given the opportunity to use both Intel and ARM powered laptops. In addition, prizes will be given for both partial and full exploits, as well as clever hacks which can be used to manipulate the system. Prizes of $110,000 will be given to hackers who can successfully hack the OS through a web page, with the larger $150,000 prize reserved for those who deliver a complete hack. A “complete hack” is defined as one that enables the hacker to maintain control of the hack, even after a full reboot is completed.
Unlike its predecessor Pwn2Own — which did not require hackers to spill all of their secrets — Google’s trip into the dark side of the computer world will require hackers to divulge complete hack and exploit information. This includes each vulnerable point and crack within the OS, that enabled the hacker to succeed. According to Google, in addition to these base prizes, a larger sum may be paid to an individual or team who reveals “an impressive or surprising exploit.” In order to qualify as an “exploit,” the team must demonstrate that the hack can consistently and repeatedly break the operating system, allowing the hacker complete, unfettered access.
Google has decided to move forward with the Pwnium this year, based on recent successes by other hacking competitions; despite its own limited success in the area. In last year’s Pwnium, only one prize was awarded. Google later admitted that the hack was only a partial violation, not one which could be exploited on a continual basis.
These types of competitions and Security conferences have become an excellent way for companies like Google to embrace and exploit the darker, criminal side of computer expertise. It has been seen as a way for companies to improve systems internally — before they are compromised by the dark side — as well as a legitimate way for an outside source to share vulnerability in a controlled environment. In truth, it beats having a hacker pull down their whole system before a problem is exposed. Interestingly, tapping this dark side of the computer world may ultimately backfire on Google, exposing their deepest secrets to all the sharpest minds they didn’t hire. Then again, by bringing these problems to light and adding these potential enemies into the fold, Google may circumvent larger problems in the future, which could hinder users from accessing the full compliment of internet technology tools, at their disposal.
By Chris Chisam
Click Here if you think YOU could write for the Liberty Voice