*********************************
There is now a CONTENT FREEZE for Mercury while we switch to a new platform. It began on Friday, March 10 at 6pm and will end on Wednesday, March 15 at noon. No new content can be created during this time, but all material in the system as of the beginning of the freeze will be migrated to the new platform, including users and groups. Functionally the new site is identical to the old one. webteam@gatech.edu
*********************************
Atlanta, GA | Posted: April 6, 2020
Tess Malone, Communications Officer
Summary Sentence:
A team of School of Computer Science (SCS) students came in second at Pwn2Own, one of the world’s top hacking competition.
Full Summary:
No summary paragraph submitted.
Pwn2OwnA team of School of Computer Science (SCS) students came in second at Pwn2Own, one of the world’s top hacking competition.
Associate Professor Taesoo Kim’s Systems Software & Security Lab (SSlab) Ph.D. students Insu Yun, Yong Hwi Jin, and Jung Won Lim competed in the annual event. Their objective was to exploit popular software with unknown vulnerabilities.
“As a hacker studying offensive security, we always dreamed of participating in Pwn2Own,” Yun said.
The SCS team exploited Apple’s Safari internet browser. Although the browser category is known to be more difficult, the team was attracted to how technically interesting the challenge was, according to Yun.
The team was also set up for success because the underlying Safari operating system is *nix, a category the team members were familiar with. Adding to their advantage, they also had written an exploit for Safari just last July so they were able to apply that knowledge here as well.
Multiple vulnerabilities are required to attack a modern browser. The team found new six vulnerabilities to compromise Safari, all of which were later confirmed by Apple. To exploit as many vulnerabilities as possible, they used several approaches, including fuzzing, source code review, and reverse engineering.
Ultimately, the competition allowed the team to sharpen skills they can bring back to their SCS research, such as designing automatic tools to find bugs, and identifying vulnerabilities on complex, real-world programs.
“SSlab gave us the opportunity to make a such wonderful team because our
lab is one of the best information security labs in the world with many talented students.”
