Geohot wins $150,000 for exposing ChromeOS exploits

Google held its Pwnium 4 security competition last week at CanSecWest in Vancouver, Canada. The day-long event ended with hundreds of thousands of dollars being awarded to hackers who demonstrated exploits in Google Chrome. And believe it or not, $150,000 of that went to Geohot.

For those not familiar with the name, Geohot has picked up a number of headlines over the past 7 years. After hacking the iPhone, he took his talents to the PS3, where he caused enough chaos to get sued by Sony. He has since been spotted at Facebook, iOSDevCamp and various other places…

Here’s the announcement from Google’s Chrome Release blog:

Security Fixes and Rewards

Congratulations to geohot for an epic Pwnium competition win. Pinkie Pie provided a fascinating set of vulnerabilities that will be rewarded through the Chrome VRP program. Moreover, one of the bugs exploited by VUPEN on Pwn2Own affected Chrome OS.

We’re delighted at the success of Pwnium and the ability to study full exploits. We anticipate landing additional changes and hardening measures for these vulnerabilities in the near future. We also believe that both Pwnium submissions are works of art and deserve wider sharing and recognition. We plan to do technical reports on these submissions in the future.

– [Like a c-c-c-c-hamp!!! $150,000] [351788] Persistent code execution on Chrome OS. Credit to geohot.
– [351787] High CVE-2014-1705: Memory corruption in V8
– [351796] Low CVE-2014-1706: Command Injection in Crosh
– [351811] High CVE-2014-1707: Path traversal issue in CrosDisks
– [344051] Critical CVE-2014-1708: Issue with file persistence at boot
– [$TBD] [352492] Sandboxed code execution and kernel OOB write. Credit to Pinkie Pie.
– [351852] High CVE-2014-1710: Memory corruption in GPU command buffer
– [351855] High CVE-2014-1711: Kernel OOB write in GPU driver
– [352374] High CVE-2014-1713: Use-after-free in Blink bindings. Credit to VUPEN.

This isn’t the first time GeoHot has been offered big bucks for his talents. Back in 2009 he reportedly received $10,000 for unlocking iPhone baseband 05.11.07 of iOS 3.1.2. And more recently, he was rumored to be working on a deal to sell an iOS 7 jailbreak to a company for a $350,000 bounty.