(May 12，Macau) Security geeks hacked dozens of smart devices and won nearly one million yuan (more than 100 thousand USD) prize, during the GeekPwn Macau on May 12, a hacking contest organized by well-known security team KEEN.
Geeks showed their power at the GeekPwn Macau and succeeded in finding vulnerabilities in dozens of mainstream routers, remote controls, smart cameras, hacker-proof safes and other smart devices including TCP protocol stack vulnerabilities leading to remote hijacking. The findings will improve the security level of the devices and technologies offered by the top firms like Microsoft, Cisco, Qihoo 360, Netgear and ASUS, which are used by millions of people every day.
“GeekPwn encourages security geeks to bring fantastic creativity and unlimited possibilities to change the world with their talents and technologies,” said Wang Qi, founder of GeekPwn and CEO of the KEEN Corporation.
Following responsible vulnerability disclosure policy, vulnerabilities found in GeekPwn will be submitted to manufacturers in aid of product safety improvement. Revealed hacker techniques are used to protect the privacy, property and personal safety of customers by manufacturers ‘ paying greater attention to fixing potentially vulnerable aspects of their wares.
Internet-based crime is estimated to cost the global economy $445US billion a year, double the cost of natural disasters, according to media reports citing figures from the Center for Strategic and International Studies.
During the one-day GeekPwn Macau contest, the first GeekPwn held outside of the Chinese mainland, talent security geeks broke through the security constraints of various devices, taking unexpected and un-welcomed control of smart home devices, drones, routers and even Microsoft’s Surface Pro.
Extraordinary security geeks, including high-school student and female geeks, where an award of nearly 1 million yuan (more than 100 thousand USD) during the contest was at stake.
The competitors from Chaitin Technology were awarded 420,000 yuan by hacking 10 routers and Xiaoyi camera, which made them the biggest winner of the contest; the network security team of Tencent PC Manager hacked the Surface Pro and won 150,000 yuan single award and extra 50,000 yuan for Most Difficult Award; Cao Yue’s team demonstrated TCP hijacking technology and won the 100,000 single award and extra 50,000 yuan for the Most Creative Idea Award.
Remotely hijacking by vulnerabilities in TCP protocol stack
The demonstration from Cao Yue, a doctoral student from the University of California, Riverside, was the most staggering highlight during the GeekPwn Macau. Cao used the vulnerabilities of TCP protocol stack of Linux kernel, regarded as “basic infrastructure of Internet”, to achieve the demonstration of remote hijacking.
Cao showed his “magic” in the GeekPwn Macau: attackers are able to hijack communication in any place of the world if they knew the IP address of the victims. During the demonstration, it suddenly popped out a false login page on the news web page and asked victims to input account and password according to the instructions. After that, the inputted content appeared on Cao’s computer. Unlike common reported network crimes (such as Trojan, Phishing, and Fraud), victims become the lambs of attackers without making any mistakes.
There are more than 4 billion possible sequence numbers and more than 60 thousand possible port numbers. The unpredictability for their combination is the cornerstone for TCP protocol’s security. Cao found a technology able to detect port number and sequence number of TCP connection in a short time, which makes most Android and Linux systems on the Internet vulnerable to attacks and hijacking at anytime and any places. In the early stage of Internet development in 1990s, Kevin Mitnick received fame with the technology of “session hijacking” by using a vulnerability of the then immature TCP protocols. Under improved and mature TCP protocol today, Cao’s digging out such significant vulnerabilities does make sense to the world information security research.
Security Risks in Surface and Wi-Fi
The team, which once took the crown in another Pwn2Own hacking contest, won the Most Difficult Award during the GeekPwn Macau by hacking Surface Pro 4 with advanced continuing threat attacking APT technology in the real world.
Taking advantage of vulnerabilities in Windows and Adobe Reader, online security team from Tencent PC Manager could entirely control Surface Pro. During the GeekPwn Macau demonstration, “hacker” sent a malicious PDF file to the victim. When the victim opened this PDF file, the live video shot on spot by Surface camera were uploaded to the “hacker’s” computer.
Winner team Chaitin Tech demoed hacking processes of 10 routers made by firms including Cisco, Qihoo 360, Netgear and ASUS. After connecting to the vulnerable routers, applications downloaded by authorized Android application stores will be replaced with malicious program with Trojans. Chaitin Tech also found that ASUS router’s vulnerable service is exposed on the external port, which can be remote attacked by hackers anywhere on the Internet. The number of affected routers was several dozens of thousand units used by many families.
Female hacker and high-school student geeks
The only female hacker during the GeekPwn set her targets on smart home appliances. She broke through CoKon Household Appliance Remote control and demoed to hijack home appliance devices connected and controlled by IR remote control.
The youngest attendants of the GeekPwn Macau were two 16-year-old high school students, who demonstrated how to hijack drones with a phone. They enabled the drones to take off, land and automatically return without owner commands. The two teenagers won the “Geek Encouragement Award” in the contest for their enthusiasm about hacking.
About GeekPwn Macau Content
GeekPwn was organized by Shanghai-based Keen, the security research team and designed to focuses on helping worldwide leading software and hardware firms discover and fix security vulnerabilities. GeekPwn contests is now held twice a year. Macau contest is added this year on May 12th with more International style and same level of award as GeekPwn Carnival contest to improve smart devices’ manufacturers’ security sense and ability globally. GeekPwn will give several annual best awards to extraordinary security geeks.
GeekPwn Macau focuses on six smart device categories: smartphone, smart transportation, wearable device, smart home, smart entertainment and mobile applications.
KEEN is the first Asian team to win prizes in the history of Pwn2Own. It has also won more Pwn2Own prizes than any other Asian teams. Up to now, hundreds of KEEN’s security outcomes have been applied to every Windows PC, every Apple device and every Android device.