Geohot wins $150,000 for exposing ChromeOS exploits

Mar 15, 2014

Google held its Pwnium 4 security competition last week at CanSecWest in Vancouver, Canada. The day-long event ended with hundreds of thousands of dollars being awarded to hackers who demonstrated exploits in Google Chrome. And believe it or not, $150,000 of that went to Geohot.

For those not familiar with the name, Geohot has picked up a number of headlines over the past 7 years. After hacking the iPhone he took his talents to the PS3, where he caused enough chaos to get sued by Sony. And he’s since been spotted at Facebook, iOSDevCamp and various other places…

Here’s the announcement from Google’s Chrome Release blog:

Security Fixes and Rewards

Congratulations to geohot for an epic Pwnium competition win. Pinkie Pie provided a fascinating set of vulnerabilities that will be rewarded through the Chrome VRP program. Moreover, one of the bugs exploited by VUPEN on Pwn2Own affected Chrome OS.

We’re delighted at the success of Pwnium and the ability to study full exploits. We anticipate landing additional changes and hardening measures for these vulnerabilities in the near future. We also believe that both Pwnium submissions are works of art and deserve wider sharing and recognition. We plan to do technical reports on these submissions in the future.

- [Like a c-c-c-c-hamp!!! $150,000] [351788] Persistent code execution on Chrome OS. Credit to geohot.
  - [351787] High CVE-2014-1705: Memory corruption in V8
  - [351796] Low CVE-2014-1706: Command Injection in Crosh
  - [351811] High CVE-2014-1707: Path traversal issue in CrosDisks
  - [344051] Critical CVE-2014-1708: Issue with file persistence at boot
- [$TBD] [352492] Sandboxed code execution and kernel OOB write. Credit to Pinkie Pie.
  - [351852] High CVE-2014-1710: Memory corruption in GPU command buffer
  - [351855] High CVE-2014-1711: Kernel OOB write in GPU driver
- [352374] High CVE-2014-1713: Use-after-free in Blink bindings. Credit to VUPEN.

This isn’t the first time GeoHot has been offered big bucks for his talents. Back in 2009 he reportedly received $10,000 for unlocking iPhone baseband 05.11.07 of iOS 3.1.2. And more recently, he was rumored to be working on a deal to sell an iOS 7 jailbreak to a company for a $350,000 bounty.

  • Framboogle

    Nice work geohot! Could you please start working on a 7.1 jailbreak?

    • M Last

      I don’t think he wants to do it, because he is a businessman.
      It won’t be for free!
      Forget about it!

      • Ben

        I would pay $15 bucks to have the freedom of an iOS 7 jailbreak, even though I am on 7.0.6. And I am sure MANY other people would too.

      • M Last

        I agree to pay for a jailbreak.
        They reported over 5,000,000 iDevices have been jailbroken.
        Even if they put the price at $0.99
        it will be fair.

      • Matt

        I’d pay $50 if necessary!!!
        I’m still on 7.0.4
        Installed the SSL patch yesterday whew

      • Jonathan

        Same. :P

      • Lady GAGA

        That’s a joke, I installed that SSL thing from Cydia, at first I thought it’s all good now but soon after I had a lot of SSL-related problems (for example, Facebook and YouTube won’t connect, as if offline), so I immediately upgraded to iOS 7.0.6 … 2 days later iOS 7.1 was released.

      • Jonathan

        Haven’t had any of those problems.

      • Lady GAGA

        Only time will tell …..

      • Jonathan

        Why? Wouldn’t it have started happening right away? I’ve had it since it was released. No problems at all.

      • Matt

        Well, since I’m on 7.0.4 I’d better be “safe” than sorry, not that I have any important stuff on my phone except my iTunes password and social network passwords. And my high score in FlappyBird, which is 114.

      • Ethos Evoss

        why 704 ? i have 706 J-broken..

      • Matt

        Ehh I was too lazy to connect my phone to the computer to update it.

      • WolfgangHoltz

        Haha how much do you think Evasi0n made in the last jailbreak.

      • Carlos Gomes

        Please, not that again…

      • Senthet

        Why should that info be so hush hush?
        We are living in a free democratic world, aren’t we? There is no such thing as a free lunch.

      • Carlos Gomes

        I don’t have any problem about the evad3rs making money through their own work and it’s okay to talk about it.
        My “not that again” remark was about the annoying rantings about the team selling out, about being gold diggers and all that whining.

      • Senthet

        Yeah, I agree they have every right to do whatever they like, it’s their work. But evasi0n7 is stressed out and badly written. And I don’t think we will ever see anything more from the evad3rs ahead. And from others it looks like that too.

        No Sn0wbreeze, iFaith; redsn0w, only some parts work. And TinyUmbrella has not been working for a year or more.
        I’m afraid if nothing drastic emerges the whole JB world will come to an end sooner than most people can imagine.

  • Rahimo

    That’s a lot of money Geohot !!! Take a look on iOS 7.1 please !!!

  • M Last

    nice job Geohot!
    good luck!

  • jack

    this kid kicks assssssssss

  • Andreas

    Geohot is amazing! Too bad I hate the recent Chrome updates, and that forces me to stick with an old version of the browser, not allowing me to get new security updates. Whatever, rather less security and more possible options than more security and Google forcing what are, according to me, bad updates in your face…

    Just a side note: does anyone know how the fight between Geohot and Sony, which was mentioned in the article, turned out?

    • John Sklikas

      Yes, after the trials GeoHot was left free, under the condition that he would never hack a Sony device again. I also think that a small fine was additionally imposed on GeoHot.

  • Chuck Finley

    Whatever keeps him away from that godawful rubbish he recorded and calls “rap” is a good thing.

    • AndroidDogHeatandSteelersFan

      entertaining very

  • Raul M

    You should jailbreak the PS4 and PS3 latest version and don’t get credit so u don’t get sued, but we would all know it would be u ;) lol

  • http://nurudin.jauhari.net/ Jauhari

    HERO for Community

  • Antzboogie

    Geohot great job man!! Congratulations!! I just hope that rumor about you selling a jailbreak is not true, unless it’s a hardware exploit ;) wait till iPhone 6 please lol

  • Matthew

    Is iOSdevCamp run by Apple?

  • http://www.apple.com St3vè Jb

    Real GeoHot working Hard on iOS 8 JAILBREAK‼️
    Take a Look

    • Matthew Cleveland

      Go Geohot Go!

  • Ethos Evoss

    want his brain tho !

  • Ethos Evoss

    I would never pay