Pwn2Own VMware Escape Earns $105,000 Prize
Ashley Allen / 8 years ago
Annual hacking contest Pwn2Own gave us – and its victors – a real treat this year; a renowned team of hackers were able to compromise Microsoft’s Edge browser in such a way that it allowed them to escape the virtual machine they were walled within and access the host computer. The feat earned Qihoo 360 – a Chinese hacker collective that was recently responsible for hacking Google’s new Pixel phone in under sixty seconds – a $105,000 prize.
“We used a JavaScript engine bug within Microsoft Edge to achieve the code execution inside the Edge sandbox, and we used a Windows 10 kernel bug to escape from it and fully compromise the guest machine,” Zheng Zheng, Executive Director of Qihoo 360, told Ars Technica. “Then we exploited a hardware simulation bug within VMware to escape from the guest operating system to the host one. All started from and only by a controlled a website.”
A virtual machine – like, in this case, VMware – is designed to contain any piece of software run within it, preventing it from coming into contact with the host system, and is used for this purpose by security researchers to examine potentially malicious content. Qihoo 360’s achievement could potentially render this vital security measure utterly redundant.
“A virtual machine hypervisor is just another software-based isolation layer that can have vulnerabilities in it that permit attacks to break through,” Dino Dai Zovi, co-founder and CTO of security outfit Capsule8 and Pwn2Win winner himself a decade ago, said. “Isolation layers such as sandboxes, virtualization, and containerization all add more work for an attacker, but none are perfect. Defenders should always assume that they can be broken through with enough work by an attacker.”