Note: The contest rules were updated on February 7th to clarify guest OSes that can be used in the Virtualization Category. Please review the rules for full details.
Last year, we celebrated the 15th anniversary of Pwn2Own with a spectacular contest. We awarded more than $1,000,000 USD for the amazing research demonstrated. That makes us even more excited to return to Vancouver for the 2023 edition of Pwn2Own. Similar to last year, we’ll be holding a hybrid conference with most of us in person at the Sheraton Wall Center in Vancouver for the CanSecWest conference on March 22-24, 2023. The other part of the hybrid event means that we also allow remote participation. If you have either travel restrictions or travel safety concerns, you can opt to compete remotely.
We’re also excited to have Tesla return as a partner. They always innovate, and we’ve updated our target list to keep up. We’ve added a Steam VM Escape category with multiple targets. It may a bit strange to be targeting a steam engine on an electric car, but here we are. We’ll have both a Tesla Model 3 and a Tesla Model S available as targets, with the top prize going for $600,000 (plus the car itself). Of course, virtualization exploits are always a contest highlight, and VMware returns as a sponsor with VMware Workstation and ESXi returning as targets.
We’ve added a couple of new targets in other existing categories as well. DNS is one of the core services of the internet, and cloud computing couldn’t work without it. That’s why we’ve added Microsoft DNS Server and ISC BIND into the Servers category. Apple systems are a common item found in work centers, so we’ve added macOS back into the Local Escalation of Privilege category with a focus on the M-series MacBook Pro.
In addition to the in-person attempts at the conference, we’ll be producing quick videos of the exploits, so if you can’t attend you can still get a feel for what it’s like in the room. All told, more than $1,000,000 USD in cash and prizes are available to contestants, including the Tesla vehicle, in the following categories:
— Virtualization Category
— Web Browser Category
— Enterprise Applications Category
— Server Category
— Local Escalation of Privilege Category
— Enterprise Communications Category
— Automotive Category
Of course, no Pwn2Own competition would be complete without us crowning a Master of Pwn. Since the order of the contest is decided by a random draw, contestants with an unlucky draw could still demonstrate fantastic research but receive less money since subsequent rounds go down in value. However, the points awarded for each unique, successful entry do not go down. Someone could have a bad draw and still accumulate the most points. The person or team with the most points at the end of the contest will be crowned Master of Pwn, receive 65,000 ZDI reward points (instant Platinum status), a killer trophy, and a pretty snazzy jacket to boot.
Let’s look at the details of the rules for this year’s contest.
We’re happy to have VMware returning as a Pwn2Own sponsor for 2023, and this year, again we’ll have VMware ESXi alongside VMware Workstation as a target with awards of $150,000 and $80,000 respectively. VMware has been a sponsor of Pwn2Own for multiple years, and we’ve seen some great research presented at the contest in years past. Microsoft also returns as a target and leads the virtualization category with a $250,000 award for a successful Hyper-V Client guest-to-host escalation. Oracle VirtualBox rounds out this category with a prize of $40,000. We’ve seen some amazing guest-to-host OS escalations demonstrated at previous Pwn2Own contests. Here’s hoping we see more this year.
There’s an add-on bonus in this category as well. If a contestant can escape the guest OS, then escalate privileges on the host OS through a Windows kernel vulnerability (excluding VMware ESXi), they can earn an additional $50,000 and 5 more Master of Pwn points. That could push the payout on a Hyper-V bug to $300,000. Here’s a detailed look at the targets and available payouts in the Virtualization category:
While browsers are the “traditional” Pwn2Own target, we’re continuously tweaking the targets in this category to ensure they remain relevant. We re-introduced renderer-only exploits last year, and this year, their price increases to $60,000. However, if you have that Windows kernel privilege escalation or sandbox escape, that will earn you up to $100,000 or $150,000 respectively. If your exploit works on both Chrome and Edge, it will qualify for the “Double Tap” add-on of $25,000. The Windows-based targets will be running in a VMware Workstation virtual machine. Consequently, all browsers (except Safari) are eligible for a VMware escape add-on. If a contestant can compromise the browser in such a way that also executes code on the host operating system by escaping the VMware Workstation virtual machine, they will earn themselves an additional $80,000 and 8 more Master of Pwn points. Full exploits are still required for Apple Safari and Mozilla Firefox. Here’s a detailed look at the targets and available payouts:
Enterprise applications also return as targets with Adobe Reader and various Office components on the target list once again. This year, we’re also allowing these applications to be run on an M-series MacBook. Prizes in this category run from $50,000 for a Reader exploit with a sandbox escape or a Reader exploit with a kernel privilege escalation and $100,000 for an Office 365 application. Word, Excel, and PowerPoint are all valid targets. Microsoft Office-based targets will have Protected View enabled where applicable. Adobe Reader will have Protected Mode enabled where applicable. Here’s a detailed view of the targets and payouts in the Enterprise Application category:
As mentioned, we’re again expanding the Server category by adding ISC BIND and Microsoft DNS Server to the target list. A successful exploit on one of these will earn the contestants $200,000 or $150,000 respectively. We added Samba as a target last year but has no takers. We’ll see if any registers for it in 2023. This category is rounded out by Microsoft Windows RDP/RDS, which also has a payout of $200,000. Here’s a detailed look at the targets and payouts in the Server category:
This category is a classic for Pwn2Own and focuses on attacks that originate from a standard user and result in executing code as a high-privileged user. A successful entry in this category must leverage a kernel vulnerability to escalate privileges. Ubuntu Desktop, Apple macOS, and Microsoft Windows 11 are the OSes available as targets in this category.
We introduced this category in 2021 to reflect the importance of these tools in our modern, remote workforce, and we were thrilled to see both targets compromised during the contest. Last year’s event included a 0-click exploit of Microsoft Teams. A successful attempt in this category must compromise the target application by communicating with the contestant. Some example communication requests could be audio calls, video conferences, or messages. Both Zoom and Microsoft Teams have a $75,000 award available, so we’re hoping to see more great research in this category.
We introduced the Automotive category in 2019, and we are excited to have Tesla return as a partner for 2023. We awarded a Tesla Model 3 in that first contest, but we wanted to raise the level of complexity of what constitutes a successful exploit. Tesla vehicles are equipped with multiple layers of security, and for this year’s event, there are multiple tiers of awards within the Automotive category that corresponds to some of the different layers of security within a Tesla car, with additional prize options available in certain instances. Contestants can register an entry against either a Tesla Model 3 (Intel or Ryzen-based) or the Tesla Model S (Ryzen-based).
Tier 1 earns the top prizes and represents a complete vehicle compromise. Correspondingly, this also has the highest award amounts. To win this level, a contestant will need to pivot through multiple systems in the car, meaning they will need a complex exploit chain to get arbitrary code execution on three different sub-systems in the vehicle. Success here gets a big payout and, of course, a brand-new Tesla.
In addition to the vehicle itself and $500,000, contestants can go for the additional options to raise the payout to $600,000. This represents the single largest target in Pwn2Own history. If someone can do this, it would also mean 60 total Master of Pwn points, which is nearly insurmountable. Here’s some additional info on the optional add-ons that are included in the various tier levels.
Again, it’s difficult to express the complexity of completing such a demonstration, but we’re certainly hopeful that someone can show off their exploit skills and drive off a winner.
The second tier in this category is not quite as complex but still requires the attacker to pivot through some of the vehicle’s sub-systems. This level requires the contestant to get arbitrary code execution on two different sub-systems in the vehicle, which is certainly a difficult challenge. If you include the optional targets, the largest single payout for Tier 2 would be $400,000. A winning entry in Tier 2 would still be an impressive and exciting demonstration and includes driving off with the Tesla. Tier 2 also includes some of the above add-ons, as detailed below:
The targets in Tier 3 could prove to be just as difficult, but you only need to compromise one sub-system for a win here, which is still no easy task. Not every instance within Tier 3 includes winning the car. This year also introduces the Steam VM Escape category as an attack vector. Some of the Tier 3 targets have add-ons available, but to drive away with a Tier 3 prize, a contestant would need to target one of the entries marked “Vehicle Included” in the table below:
The complete rules for Pwn2Own 2023 are found here. As always, we encourage entrants to read the rules thoroughly if they choose to participate. If you are thinking about participating but have specific configuration or rule-related questions, email us. Questions asked over Twitter or other means will not be answered. Registration is required to ensure we have sufficient resources on hand at the event. Please contact ZDI at email@example.com to begin the registration process. Registration closes at 5 p.m. Pacific Time on March 16, 2022.
Be sure to stay tuned to this blog and follow us on Twitter, Mastodon, LinkedIn, or Instagram for the latest information and updates about the contest. We look forward to seeing everyone wherever they may be, and we hope someone has a new car to drive home from this year’s Pwn2Own competition.
With special thanks to our Pwn2Own 2023 Partner Tesla and our Pwn2Own 2023 sponsor VMware
Blog post Zero Day Initiative – Blog