Hack a phone, get $10,000

If you like hacking cell phone or web security, and plan to be in British Columbia next month, put your talents to better use ? like, say, winning $10,000, courtesy of TippingPoint.

Here's the catch: You have to be at the CanSecWest Security Conference in Vancouver (March 16?20). TippingPoint is holding its third annual Pwn2Own contest there.

The company's DVLabs just released the rules for this year's competition, which will focus on mobile devices and web browsers.

Option 1: Phones
The prize money isn't dedicated to a single winner. In fact, the cash goes to any participant who successfully hacks an Android, BlackBerry, iPhone, Symbian, or WinMo phone ? without prying, popping or otherwise physically cracking it open. The attacks just need to be activated by email, text, web surfing, or other activities a user would normally do on the handheld. The first one who succeeds, however, also gets to keep the phone (along with a one-year contract, fully paid).

Option 2: Web browsers
Option 2 pits hackers against computer web browsers, including Chrome, Firefox, and Internet Explorer 8 (on a Sony Vaio with Windows 7), or Firefox and Safari (on a MacBook with OS X). To win, the feats can't require more user interaction than a single click on a malicious link.

The award for option 2, at $5,000, is just half that of option 1. But at least this prize money is enough to cover the conference costs (and bogus credentials to get yourself in there, if need be ? Then again, it is a security conference, so maybe it's not such a hot idea).


The whole point of the Pwn2Own contest is to discover immediate weaknesses. TippingPoint then alerts the companies to the vulnerabilities, so tech junkies like us can be protected.

Last year, a MacBook Air got hacked in two minutes by researchers from Independent Security Evaluators, who discovered a vulnerability in Safari 3.1. They went home with both $10,000 and the laptop.