This is your chance to illustrate your vulnerability research and exploit techniques in compromising popular mobile devices. Show us what you’ve got and we will show you the money.
Choose your target now
Contestants are allowed to select the target they wish to compromise during the pre-registration process. The exact OS version, firmware and model numbers will be coordinated with the pre-registered contestants. The following targets are available for selection:
- Nokia Lumia 1020 running Windows Phone
- Microsoft Surface RT running Windows RT
- Samsung Galaxy S4 running Android
- Apple iPhone 5 running iOS
- Apple iPad Mini running iOS
- Google Nexus 4 running Android
- Google Nexus 7 running Android
- Google Nexus 10 running Android
- BlackBerry Z10 running BlackBerry 10
** Google’s Chrome Security Team, in conjunction with the Chrome on Android team, is sponsoring a top-up reward for the Mobile Web Browser category. If a contestant successfully compromises Chrome on Android, either on Google Nexus 4 or Samsung Galaxy S4, the prize amount will be bumped by $10k to make it a total of $50,000. There may be additional winners in the Mobile Web Browser category if the contestant is specifically targeting Chrome on Android, either on the Google Nexus 4 or Samsung Galaxy S4.
This year’s Mobile Pwn2Own contest is offering the following prizes to the first contestant who successfully compromises their mobile target in the following categories:
- Short Distance/Physical Access ($50,000), either:
- Bluetooth, or
- Wi-Fi, or
- Universal Serial Bus (USB), or
- Near Field Communication (NFC)
- Mobile Web Browser ($40,000) **
- Mobile Application/Operating System ($40,000)
- Messaging Services ($70,000), either:
- Short Message Service (SMS), or
- Multimedia Messaging Service (MMS), or
- Commercial Mobile Alert System (CMAS)
- Baseband ($100,000)
The deadline to register is fast approaching. Don’t delay, enter today! The contest is open to all delegates at the PacSec 2013 conference (as long as you meet our rather inclusive eligibility requirements). You can even use a proxy at the conference if you are unable to attend in person.
Start by reviewing the contest rules, here. Next, if you don’t already have a free ZDI researcher account, you need to sign-up here. When you’re all signed up as a ZDI researcher, it’s simply a matter of contacting us to register for the contest.
Please direct all press inquiries for HP Security Research/ZDI to: Cassy Lalan <[email protected]>.
Want to know more?
If you missed it above, the full contest rules are here. We’ll also be tweeting regular updates and news on Mobile Pwn2Own up to and during the contest. You can follow us @thezdi on Twitter or search for the hash tag #pwn2own.