On December 29, the finals of the 2022 "Butian Cup" Cracking Contest were held online. In the qualification review stage, 10 projects were selected from all registered entries to advance to the finals. After expert review and vulnerability reproduction, the organizer announced the list of winners: W0rk took first prize for discovering a vulnerability in a firewall from a well-known international manufacturer, Rivaille took second prize for discovering a vulnerability in an enterprise-grade router, and Balisong took third prize for submitting a NAS device vulnerability.
Shopping, travel, home furnishing: the vulnerabilities submitted to this year's "Butian Cup" Cracking Contest reach into the details of everyday life. Beyond the usual enterprise-grade firewalls, routers, and NAS devices, entries also covered smart U-locks, electric scooters, barcode scanners, and a full range of smart home products, including robot vacuums, desk lamps, and speakers.
Many of the vulnerabilities submitted this year are "imperceptible" ones, exploitable without the victim noticing, but the damage they can cause should not be underestimated. Using the firewall vulnerability from the international manufacturer, an attacker can move freely in and out of an enterprise environment and obtain user data and confidential company information; since that manufacturer serves most of the world's Fortune 500 companies, the losses if criminals exploited it would be incalculable. At a time when QR-code payment is everywhere, the barcode scanner vulnerability can not only divert a user's payment so that the merchant never receives a cent, but also lets the attacker directly modify the amount charged when a code is scanned; both the merchant and the user lose money, and the attacker takes it silently throughout. Without ever being on the victim's home LAN, device vulnerabilities allow arbitrary remote control of smart home devices, and can even be used to attack every device of that brand across its entire network. Vulnerabilities are climbing sharply in both enterprise-grade and consumer devices.
The head of the "Butian Cup" Cracking Contest said that with the exponential growth in the number of IoT devices, the number of vulnerabilities will inevitably rise. At the same time, steadily improving policies and regulations have clarified the responsibilities and obligations of the various parties involved, such as product developers, product service providers, vulnerability discoverers, and vulnerability publishers, and have set higher requirements for manufacturers and security personnel. The purpose of holding the "Butian Cup" Cracking Contest is to build a platform through competition: on one hand, to draw manufacturers' attention to cybersecurity and encourage them to actively improve their own security capabilities; on the other, to foster white-hat talent, advance the training of cybersecurity professionals, and build up strength for the construction of a strong cyber nation.
Butian Platform, the organizer of the "Butian Cup" Cracking Contest, is a third-party public-interest platform focused on vulnerability response, and ranks among the top three vulnerability platforms in the world. To date, more than 105,000 white-hat researchers have joined the Butian platform, and the total number of reported vulnerabilities has exceeded 1.08 million, affecting 330,000 companies. The Butian platform has repeatedly been recognized by the Ministry of Public Security, the National Information Security Vulnerability Sharing Platform (CNVD), and the National Information Security Vulnerability Database (CNNVD) as an advanced technical support unit, an outstanding contributor of vulnerability information, and a first-class technical support unit, and many of the platform's elite white hats have been named among CNVD's annual top ten white hats and outstanding individuals.
This article is reproduced from: https://www.leiphone.com/category/industrynews/wGTgDfRzbbzJy6od.html