Introduction of GeekPwn
As one of the world’s leading platforms for cybersecurity researchers, GeekPwn enables security researchers and executives around the world to share their thoughts and findings.
Since 2014, GeekPwn has successfully held 8 sessions in Beijing, Shanghai, Macau, Hong Kong and Silicon Valley, responsibly disclosed hundreds of critical security vulnerabilities, and awarded millions (USD) to contestants.
GeekPwn has created a bonus pool of $800,000 USD for 2018, and the GeekPwn Mid-Year Contest will be held in Silicon Valley on May 12th, 2018.
GeekPwn2018 Contest Rules, Initial Prize Pool $800,000 USD
During past GeekPwn events, smart devices and systems (e.g. mobile devices, drones, robots, voice and handwriting recognition, the SSL/TLS protocol, etc.) have all been pwned successfully.
In 2018, we have set four categories: PWN AI, AI PWN, PWN EVERYTHING and a Trojan Robot Challenge.
Prize amounts for PWN AI will vary depending on the prize committee's evaluation. The maximum individual prize awarded will be $150,000 for each Pwn.
The PWN AI category applies to all public AI Services, Products, Libraries, and Frameworks. Exploit vulnerabilities to make the AI system or component stop working, or lead the AI system or component to make wrong decisions. Target areas include computer vision, voice recognition/identification, natural language processing, autonomous driving, malware detection, etc. The target AI frameworks include mainstream frameworks such as TensorFlow, TorchNet, and Caffe.
• Use special algorithms to create adversarial pictures based on original ones. While human beings can recognize them correctly, some public picture classification services or software make the incorrect choice.
• Use any face to unlock a phone using facial recognition technology.
• Exploit vulnerabilities in an autonomous driving system to make the system fail at detecting some specific obstacles.
• Exploit vulnerabilities in an AI framework to make the deployed AI system stop working in some specific situations.
Prize amounts for AI PWN will vary depending on the prize committee's evaluation. The maximum individual prize awarded will be $150,000 for each Pwn.
The contestant uses AI (various algorithms in computer vision, voice recognition, natural language processing, autonomous driving, etc.) as the primary or an auxiliary method in the hacking process to break the restrictions of the target system, causing the original functions of the target system to stop working or to leak information.
• Using an AI method for speech synthesis, simulate the target person’s voice and pass the target authentication system with high probability. The GeekPwn committee will provide a recording of the simulated target person’s voice, about 30 minutes in length. The target authentication system will be set by the simulated target person. In the contest, the contestant will try to pass the authentication system with the synthesized voice.
• Using an AI method, determine hand motions from video clips to accurately identify the password input with a high recognition rate. In the contest, the GeekPwn committee will capture video clips of a person setting a password on a keyboard. The contestant will use an AI system to identify the password from the video clips.
• Use an AI method to accurately identify complex CAPTCHAs with a high recognition rate. The contestant can use a program to automatically pass the CAPTCHA system.
Prize amounts for PWN Everything will vary depending on the prize committee's evaluation. The maximum individual prize awarded will be $150,000 for each Pwn.
Commercially available smart devices and IoT products are all acceptable PWN targets. Contestants without privileges can get system control, access private data or break through the original security mechanisms under reasonable attack conditions.
• A printer is infected by malware. That malware can transfer data from the air-gapped network to a drone via laser.
• More PWN Everything examples are available at the GeekPwn Hall of Fame — including cameras, POS machines, drones, robots, smartwatches, smart locks, smart bikes, etc.
1. The PWN target (device, application or security module) should be in its factory-shipped state with official updates and default settings. The ROM and/or software versions should be >= the latest version on April 12th (30 days before the event).
2. All technical approaches must be the contestant’s original work. Publicly known PWN approaches cannot be used to win the contest. Winning contestants need to submit a technical details report.
3. Some special awards will be offered by GeekPwn committee based on the PWN technical difficulty, creativity and demonstration effects.
4. GeekPwn committee reserves the right of final decision on the interpretation of all rules.
The GeekPwn committee follows the vulnerability disclosure process: the committee will deliver the collected vulnerability details to manufacturers in two weeks after the GeekPwn event.
PWN EVERYTHING-TROJAN ROBOT
Prize amounts for Trojan Robot will vary depending on the prize committee's evaluation. The maximum prize awarded will be $30,000 for the winning team.
In this contest, each team is required to make a robot that can enter an office and hack computers. This robot needs to complete some specific tasks (both basic and advanced).
To fulfill basic tasks, the following steps are required.
1. The robot is put into an express box and delivered to the front desk of a simulated office.
2. The robot moves out of the box by itself.
3. The robot moves toward the target computer.
4. The robot plugs a USB device into the USB port of the target computer.
5. The robot pushes the power button to start the target computer.
6. The robot sends real-time video to the contestant.
7. The contestant controls the robot to boot the target computer from the USB device and read data from the hard disk.
If basic tasks are fulfilled, the contestant team will receive a basic award, with an opportunity to compete on advanced tasks. The GeekPwn Committee will evaluate the fulfillment of advanced tasks and determine the award for each winning team.
Secure Tech, Secure Life
Realize potential of security researchers
Raise security level of technology
Promote security consciousness of people
Justice, Passion, Persistence, Hope