The iPhone 11 Pro de Apple was the involuntary protagonist of a competition for hackers held in China, the TianFu Cup, the most important of the category that is celebrated in that country. Among the milestones that occurred in that event, the work of a team of experts in Informatic security that violated that smartphone in just ten seconds.
Specifically, the “victim” was iOS 14, the most recent operating system from the bitten apple company. Other systems and devices were violated at the event, such as the Samsung Galaxy S20, Firefox and Safari browsers, Adobe PDF Reader and Windows 10, among other technological products.
As we will mention later, the intention is not to harm the companies that market those devices and / or programs, but to report to them directly to prevent the breaches from being exploited with malicious intent by hackers.
Hack for sport
TianFu Cup 2020 It was developed in the Chinese city of Chengdu. In this year’s edition, 15 teams participated with the aim of finding previously unknown vulnerabilities and using those gaps to hack a specific device or application. Each squad was offered three attempts of five minutes each. Otherwise, as usual in this type of competition, the contestants were promised a reward of money beyond the applause and recognition.
The amount depended on the objective and the type of vulnerability discovered.
As we pointed out, the most relevant hack was the iOS 14 operating system, running on an iPhone 11 Pro. In just ten seconds the software was mocked by members of the Ant-Financial Light-Year Security Lab and Government and Corporate Security Vulnerability Research Institute teams. Both groups received a total of $ 180,000 after demonstrating their hacking prowess.
These types of contests (another known in the field is Pwn20wn, in the CanSecWest conferences held in Canada) do not seek to harm the products they violate, but rather to delve into issues of Informatic security.
In addition, each of the flaws found are reported to suppliers and manufacturers, according to the rules established in those contests, so that they can offer a solution before they are exploited by cybercriminals and release patches in future updates. After all, those events they try to dissociate the term “hacker” from criminal acts made through electronic means. In that sense, those are computer experts who do not pursue the damage, but show enthusiasm in the area and collaborate with developers to strengthen security.