Hackers rake in large bounties for security exploits

November 18, 2013
1

Who says that being naughty doesn't pay, especially when it's for the good of everyone. That is exactly how a handful of hackers have been able to rake in thousands of dollars as part of some companies' attempts to turn hunting down security bugs into a contest. With crash prizes, of course.

There isn't a scarcity of people who would go at great lengths to break into a system, whether for fun, profit, fame, or philosophy. While keeping a system secure is a never-ending task, some companies such as HP have learned to harness the sometimes playful and competitive nature of hackers for their benefit, as well as the common good. Contests like HP's Pwn2Own gather bright and surprisingly young minds to help software companies strengthen their products by breaking into them.

The most popular hacker of late is Pinkie Pie, who isn't even 21 years old yet. His most recent entry earned him $50,000 in cash for taking advantage of security exploits in Google's Chrome Browser. This exploit gave malicious individuals control of a device simply by visiting a certain site. This is definitely not his first win. Last year, Pinkie Pie also brought home $60,000 for finding six bugs that allowed him to break out of Chrome's prized security sandbox. If you've been following recent Chrome updates and changelogs, this hacker's name might be familiar, as he was specifically cited in the Android browser's release notes last week. He is not the only well-rewarded hacker either. For example, a team in Japan was rewarded $40,000 discovering two exploits involving the Samsung Galaxy S 4.

That said, none of these security holes have so far been used in any public mischief yet and involved companies have already been notified of such bugs. It is still, however, a good reminder that all it takes is a person with enough knowledge, time, and especially motivation to break into an otherwise secure system.

VIA: Ars Technica


Recent Stories

  • Dissidence

    Preemptive damage control…gotta love it