2017 GeekPwn Mid-Year Contest Wrap-Up: Hacker and the Sea


GeekPwn has finished the mid-year contest in Hong Kong on May 13th.

More than  38 vulnerabilities found by 12 groups of talented white-hat hackers. They demonstrate how easy to hack your vulnerable “smart devices”, including smartlock, router, switche, smart watch for children,  shared-bike, smart phone, self-balancing scooter, IP camera, as well as other Smart Home devices.

GeekPwn committee will deliver the vulnerabilities details collected to manufacturers in two weeks after GeekPwn event, and GeekPwn committee will work together with the manufacturers to fix the vulnerabilities.

Now, it’s high time to review WHAT ‘S HAPPENED and WHO’S HERO/HEROINE this time.

George Nosenko, a security researcher in information security company Embedi, won the biggest prize for obtaining the highest privilege of the Cisco Switch.

He found a stack based overflow vulnerability in the Cisco operating systems, Cisco IOS and Cisco IOS XE (Linux-based). According to scanning result on the Internet by his team, there were already about 252,000 vulnerable devices detected. Approximately 8 million devices need further check.

George Nosenko’s great work won him the top pirze 250,000 yuan in total, including the “G-influnce Award“. In addition, he was selected to the member of GeekPwn Hall Of Fame.

Sun Lei and Zhao Hanqing are from Information Security Lab, Ocean University of China. They found 10 different brands of home routers were vulnerable to hackers. They are NETGEAR, Tenda, B-link, Dlink, ASUS, Antbang, JCG, UTT, wavlink and Motorola. Six of them contain stack overflow vulnerabilities, four of them are vulnerable to command injection. There are also two user  authentication bypass and one SQL injection.

After two-month researching, their findings will help the vendors to improve products’ security level. They were also selected to the member of GeekPwn Hall Of Fame.

“tyy”, a 25-year old female graduated from ZheJiang University, one of the most prestigious universities in China, has researched more than 10 bike-sharing APPs within one month. She found vulnerabilities in seven of them. During GeekPwn she demonstrated the break into the users accounts of four bike-sharing companies, Xiaoming, 100Bike, Yonganxing and Xiangqi.

“tyy” won the “G-performance Award” selected by the audience.

“He just walked nearby me, and then made me a new attacker”, this sentence may be the best description of this project.

Guo Daxing and Liu Huiming, from X-Group of Tencent’s XuanWu Lab, are committed to vulnerabilities mining and exploitation. They designed an attack method, which can help infect and steal information when 2 Android phones get close. It doesn’t rely on Internet. This attack method could affect mobile phone, tablet as well as PC platform.

Just like someone who’s been bitten by a zombie can become a zombie and bite the others. The name of this method is “Wombie Attack”, made up of “wireless” and “zombie”.

They won the “G-thinking Award” in the end.



Wang Xin and Xu Kaiyi, members of Hat Lab (means hack anything) from DBAPPSecurity, used malicious QR code performing command injection to get root privilege of the Yi Camera 2. Then the camera is used as a bridge to attack Netgear router and MIJIA gateway.

Another contestant “rainman” is also from the  Hat Lab, who can control Xiaomi 9 self-balance scooter with script by exploiting vulnerabilities.


Li Wei, member of KHG Group of PEDIY, exploited a series of vulnerabilities, remotely inject commands to Konke smart doorbell, socket, bulb, camera,  and get full control. He said he did it for fun. He showed how to record a sound track with mobile phone and make it a doorbell ring in seconds.

Wang Qize is also from KHG Group of PEDIY, he found the XM IP camera has authentication algorism flaw, which may lead to another Mirai Attack around the world.

Cafe-team is a group of security geeks, they broke lock mechanism of OPPO R9 smart phone. By exploiting APP market vulnerability, they replaced valid APPs with malicious one.


Xie Haikuo and Huang Zheng are from Baidu Security Lab who hacked the GuoJia Internet Smart Lock which is claimed to be widely used in China. They found it has information disclosure and weak encryption.

xiao huihui” is also from Baidu, he forged phone calls, modified configurations, and got full control of the Xiaotiancai y03, a very popular smart children watch in China.

“cixer” is a Korean college student and freelance, he hacked Netgear and Tenda routers by exploiting two command injection vulnerabilities.

Pei Zhongyu and Liu Yukun hacked Newifi router 2, they are students from Network and Information Security Lab of Tsinghua University.



After GeekPwn event, we have already contacted all vendors mentioned above. Some of them has patched the vulnerability immediately, they are:

bike-sharing company Xiaoming, 

GuoJia Internet Smart Lock.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s