1. 9

  2. 6

    Sounds like they’re trying to burn as many exploits used in expensive surveillance suites as possible. Good for them for having the budget to host this :)

    1. 4

      Yup! I’m thrilled to see the exploit-chains that are submitted.

      Their requirements are high:

      1. attack vectors: email rendered by gmail app, SMS opened by messenger app.
      2. remote code execution should elevate privileges to (at least) system security context.
      3. exploit-chain should work on both nexus 6p and nexus 5x (an attempt to eliminate vendor-specific threats).

      I recon that we’re about to see an exploit-chain that starts with the baseband-modem (i.e. messing with GSM / CDMA stuff).

      Exciting times :)