The Tianfu Cup hacking contest is China’s counterpart to the Pwn2Own style competitions elsewhere in the world, offering big prizes to researchers who bypass protections on consumer devices and software. On the first day of the 2021 competition, it appears one team has already secured a major prize, by successfully attacking an iPhone 13 Pro.
Pangu team, best known for jailbreaking Apple hardware, has reportedly successfully performed an attack against the iPhone 13 Pro and iOS 15 at the highest possible prize level. According to a tweet by Kunlun Lab CEO @mj0011sec spotted by iDownloadBlog, Team Pangu managed a remote jailbreak, earning the highest prize on offer for the device, and earning the top spot in the competition’s rankings.
According to the contest website, teams had to allow the iPhone 13 Pro to browse a remote URL, to allow the contestants a chance to “control the phone system.” As part of the challenge, contestants had to bypass “PAC mitigation,” with additional prizes offered for a sandbox escape or a jailbreak.
Three tiers of prizes were associated with the iPhone 13 Pro, with remote code execution winning $120,000, while RCE with a sandbox escape securing the contestant $180,000. For the remote jailbreak, the prize is $300,000.
The iPhone is only one of a number of targets in the overall competition, covering both Apple devices and products from other companies. Other targets include RCE attacks against Safari running on both Intel and Apple Silicon MacBook Pro models, as well as a Synology NAS, a Xiaomi Mi 11 smartphone, and Windows 10 and Google Chrome running on notebooks, among others.
With another day left to run, it’s likely that more successful attempts against Apple’s hardware, and others, will be reported before the competition formally concludes.
In the 2020 competition, two sandbox escapes were performed against an iPhone running iOS 14, earning participants $180,000 for each one.
It is unlikely that any details of the hack will be made public anytime soon, as responsible disclosure policies usually require the hack to be reported to the relevant companies or developers to be fixed before a public reveal.
