What’s the world’s safest internet browser?
According to 2014’s Pwn2Own hacking competition – none of them. After two days of competition, all major internet browsers had fallen to some hacks or another.
The annual Pwn2Own competition takes place in Vancouver as part of the CanSecWest security conference. It puts security researchers up against the latest versions of Chrome, Internet Explorer, Safari, Firefox, and Adobe Flash Player in an effort to see if any browser is truly unhackable.
In all Pwn2Own competitions thus far, no browser has been unhackable.
This latest competition saw the major browsers fall in the following ways:
-Firefox fell to a “remote code execution exploit” on the second day, although other researchers were able to hack the browser on the first day
-Internet Explorer fell to a browser-based exploit that linked together two “use-after-free” vulnerabilities and a known Windows kernel bug
-Apple Safari fell to a heap overflow vulnerability combined with a sandbox bypass
-Chrome fell to a remote code execution exploit similar to the one that brought it down at Google’s hacking event, Pwnium, earlier this year
Pwn2Own isn’t an evil event where hackers can share ways to harm people and their computers. Instead, all exploits are shared with browser developers in order to expand the world of browser security.
In fact, some of the most entertaining events at Pwn2Own pitch two company hacking teams against one another. This year, Google went head to head against HP’s team in an effort to hack Internet Explorer 11.
What does it mean when a browser is “hacked”?
Hacking a browser might seem innocent. Okay, great: the hackers can see my bookmarks and website history. Who cares?
Unfortunately, hacking a browser is actually very serious. Hacking a browser allows the malicious attacker to execute code remotely on your PC. In the Pwn2Own competition, attackers generally demonstrated the hack by opening benign applications like the Calculator or other simple programs. In reality, an attacker could open Windows Explorer, System Control Panel, or even execute custom programs designed to steal your identity and wreak havoc on your PC.
By the way, if you think these hackers are just hobbyists competing for some silly goal, consider the fact that this year’s Pwn2Own event handed out a record $850,000 in total prizes.