HACKING

Gone in 60 seconds: Chinese hackers shut down Adobe Flash, Internet Explorer ... but only for top hackathon

PUBLISHED : Friday, 20 March, 2015, 10:57am
UPDATED : Thursday, 16 April, 2015, 10:59am

Members of two Chinese hacking teams have scooped the top prizes at a major annual hacking competition held in Vancouver, Canada, this week.

Hackers at Pwn2Own, launched in 2007 and sponsored by Google and HP, were successful in breaching the security of widely-used software including Adobe Flash, Mozilla's Firefox browser, Adobe PDF Reader and Microsoft's recently-discontinued Internet Explorer.

Flash, in particular, enables streaming media, advertising and multimedia content on millions of websites

The Shanghai-based Keen Team won US$60,000 for a 30-second hack of Flash, and a further US$25,000 for managing to exploit a bug in Windows' font handling to bypass its defensive measures and give themselves administrator privileges.

Keen Team's Lu Jihui, collaborating with Tencent PC Manager hacker Jun Mao, also scooped US$55,000 for a series of exploits of Adobe Reader.

The two hackers took less than 60 seconds to bypass PDF security protections.

Members of another Chinese hacking squad, 360Vulcan, were also successful in breaching the security of Internet Explorer, the widely-used web browser. 

"IE is a popular application software in China, also a challenging attack project in this contest. Only with constant innovations and improvement can we find the best solutions," the team said in a statement.

Microsoft announced this week that it was discontinuing its much-used but much criticised Internet Explorer after 20 years as it shifts to its new Spartan browser.

This year marked Keen Team's third consecutive competition. In the past, the team has successfully bypassed the security on Apple's Safari browser and iPhone operating system, as well as repeatedly hacking Adobe Flash despite improvements in security.

Last year, the team donated a portion of their winnings at Pwn2Own to charities representing the families of the victims of Malaysian Airlines flight 370.

With an average age of 34, several members of the team are recent graduates of Shanghai's prestigious Fudan and Jiatong Universities, while others worked as information security researchers at Microsoft before joining Keen Cloud Tech. 

Despite the almost lightning speed of the hacks, Yiping Lv, COO of Keen Cloud Tech, which sponsors the hacking team, said it reflected years of training and practice.

"The discovery and exploit of a vulnerability is not as simple as one images," Lv said in a statement.

WATCH: The Keen Team reveals some secrets to their hacking prowess

“We have several people working on vulnerability digging, new ways of finding vulnerabilities and researching into other areas of infosec [information security] like web security and mobile. We have a team of people focusing on vulnerability studies including exploitation," hacker Fang Jiahong told security news website Threat Post.

While Keen Team dedicate themselves to exploit loopholes in order to improve computer security, other Chinese hackers are not so altruistic.

Former US National Security Agency director Mike McConnell said this week that hackers working for the Chinese government have broken into the computers at every major American company.

"The Chinese have penetrated every major corporation of any consequence in the United States and taken information," he said.

"We've never, ever not found Chinese malware."

While in the past, Beijing has strongly denied any connection to hacking, the latest edition of The Science of Military Strategy, put out by the top research institute of the People's Liberation Army in 2013 but only made widely available this month, admits that there are digital weapons teams "on both the military and civilian-government sides".