{"634115":{"#nid":"634115","#data":{"type":"news","title":"Team IDs Real-world Vulnerabilities In Popular Browser During Premier Hackathon ","body":[{"value":"\u003Cp\u003EA team of School of Computer Science (SCS) students came in second at \u003Ca href=\u0022https:\/\/www.thezdi.com\/blog\/2020\/3\/17\/welcome-to-pwn2own-2020-the-schedule-and-live-results\u0022\u003EPwn2Own\u003C\/a\u003E, one of the world\u0026rsquo;s top hacking competition.\u003C\/p\u003E\r\n\r\n\u003Cp\u003EAssociate Professor \u003Cstrong\u003ETaesoo Kim\u0026rsquo;s\u003C\/strong\u003E \u003Ca href=\u0022https:\/\/gts3.org\/\u0022\u003ESystems Software \u0026amp; Security Lab\u003C\/a\u003E (SSlab) Ph.D. students \u003Ca href=\u0022https:\/\/jakkdu.github.io\/\u0022\u003E\u003Cstrong\u003EInsu Yun\u003C\/strong\u003E,\u003C\/a\u003E \u003Cstrong\u003EYong Hwi Jin,\u003C\/strong\u003E and \u003Cstrong\u003EJung Won Lim \u003C\/strong\u003Ecompeted in the annual event. Their objective was to exploit popular software with unknown vulnerabilities.\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u0026ldquo;As a hacker studying offensive security, we always dreamed of participating in Pwn2Own,\u0026rdquo; Yun said.\u003C\/p\u003E\r\n\r\n\u003Cp\u003EThe SCS team exploited Apple\u0026rsquo;s Safari internet browser. Although the browser category is known to be more difficult, the team was attracted to how technically interesting the challenge was, according to Yun.\u003C\/p\u003E\r\n\r\n\u003Cp\u003EThe team was also set up for success because the underlying Safari operating system is *nix, a category the team members were familiar with. Adding to their advantage, they also had written an exploit for Safari just last July so they were able to apply that knowledge here as well.\u003C\/p\u003E\r\n\r\n\u003Cp\u003EMultiple vulnerabilities are required to attack a modern browser. The team found new six vulnerabilities to compromise Safari, all of which were later confirmed by Apple. To exploit as many vulnerabilities as possible, they used several approaches, including fuzzing, source code review, and reverse engineering.\u003C\/p\u003E\r\n\r\n\u003Cp\u003EUltimately, the competition allowed the team to sharpen skills they can bring back to their SCS research, such as designing automatic tools to find bugs, and identifying vulnerabilities on complex, real-world programs.\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u0026ldquo;SSlab gave us the opportunity to make a such wonderful team because our\u003Cbr \/\u003E\r\nlab is one of the best information security labs in the world with many talented students.\u0026rdquo;\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u0026nbsp;\u003C\/p\u003E\r\n","summary":null,"format":"limited_html"}],"field_subtitle":"","field_summary":"","field_summary_sentence":[{"value":"A team of School of Computer Science (SCS) students came in second at Pwn2Own, one of the world\u2019s top hacking competition. "}],"uid":"34541","created_gmt":"2020-04-06 21:43:36","changed_gmt":"2020-04-06 22:08:43","author":"Tess Malone","boilerplate_text":"","field_publication":"","field_article_url":"","dateline":{"date":"2020-04-06T00:00:00-04:00","iso_date":"2020-04-06T00:00:00-04:00","tz":"America\/New_York"},"extras":[],"hg_media":{"634116":{"id":"634116","type":"image","title":"Pwn2Own","body":null,"created":"1586210538","gmt_created":"2020-04-06 22:02:18","changed":"1586210538","gmt_changed":"2020-04-06 22:02:18","alt":"Pwn2Own team","file":{"fid":"241295","name":"group_picture.JPG","image_path":"\/sites\/default\/files\/images\/group_picture.JPG","image_full_path":"http:\/\/www.tlwarc.hg.gatech.edu\/\/sites\/default\/files\/images\/group_picture.JPG","mime":"image\/jpeg","size":417144,"path_740":"http:\/\/www.tlwarc.hg.gatech.edu\/sites\/default\/files\/styles\/740xx_scale\/public\/images\/group_picture.JPG?itok=URzPiyMY"}}},"media_ids":["634116"],"groups":[{"id":"47223","name":"College of Computing"},{"id":"50875","name":"School of Computer Science"}],"categories":[],"keywords":[],"core_research_areas":[{"id":"145171","name":"Cybersecurity"}],"news_room_topics":[],"event_categories":[],"invited_audience":[],"affiliations":[],"classification":[],"areas_of_expertise":[],"news_and_recent_appearances":[],"phone":[],"contact":[{"value":"\u003Cp\u003ETess Malone, Communications Officer\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Ca href=\u0022mailto:tess.malone@cc.gatech.edu\u0022\u003Etess.malone@cc.gatech.edu\u003C\/a\u003E\u003C\/p\u003E\r\n","format":"limited_html"}],"email":[],"slides":[],"orientation":[],"userdata":""}}}