A group of Vietnamese engineers won $115,000 for exploiting vulnerabilities in communication platform Microsoft Teams and virtualization Oracle VirtualBox in a hacking competition.
The group, whose members are aged 20-24, was ranked third in the leaderboard, behind France’s Synacktiv and Singapore’s STAR Labs in the computer hacking competition Pwn2Own Vancouver.
Pwn2Own is an annual computer hacking competition organized by Zero-day Initiative, an international software vulnerability initiative. This year, there are seven competition categories: Enterprise Applications, Local Escalation of Privilege, Server, Virtualization, Automotive, Enterprise Communications and Web Browser.
Pham Van Khanh, a participant from Viettel Cyber Security (VCS), said the group chose to compete in the Virtualization and the Enterprise Communications categories, and chose to only focus on exploiting two vulnerabilities and succeeded on both.
The Microsoft Teams vulnerability was exploited in less than 10 seconds, bringing the team $75,000, while the Oracle VirtualBox vulnerability was exploited for $40,000.
Manh Dung, another Vietnamese engineer participating in the competition, said the toughest challenge was the fact that participants had to target the vulnerabilities of some of the world’s largest manufacturers within a short period of time.
“It makes exploitation harder and more competitive,” he said.
Mai Xuan Cuong, head of system and application security department at VCS, said the fact that young Vietnamese engineers could win prizes at Pwn2Own has shown that they are competitive enough against foreign engineers.
“This achievement has shown that Vietnam is moving in the right direction when it comes to the training of personnel in IT and cybersecurity,” he said.