Skip to main content

Hackers fear regulations ahead of Pwn2Own

Pwn2Own contest organisers have issued a warning saying that certain regulations could put foreign hackers exploiting vulnerabilities to risk, and urged them to seek legal advice before entering the contest.

The regulation in question is called the Wassenaar Arrangement, a 42-nation effort aimed at "promoting transparency and greater responsibility in transfers of conventional arms and dual-use goods and technologies".


This basically means that even talking about infosec research abroad could land a hacker in trouble.

Pwn2Own is a contest in which hackers are asked to develop exploits and pop software in live demonstrations. After the demonstration, bigger vulnerabilities are bought by the organiser HP TippingPoint and given to the owners, so that they may patch themselves up.

The issues with the Arrangement were pointed out by the Chaos Computer Club (CCC), but some assurances were given (opens in new tab) that it was not created to hinder research, but to stop illegal activity.

Chaouki Bekrar, former co-founder of exploit brokers Vupen, and other industry bods reported the email alert over Twitter, the Register writes (opens in new tab).

"Exploits are export controlled items and participants should work with their legal counsel on proper handling," the Zero Day Initiative email was reported as saying.

This year the event will be held at the CanSecWest security conference in Canada March 18 and 19.

The contest will reward hacks with $75,000 (£46,760) for flaws for 64 bit Google Chrome; $65,000 (£42,260) for 64 bit Microsoft Internet Explorer, and $60,000 (£39,000) for Adobe Reader or Flash running on that browser; $30,000 (£19,510) for Mozilla Firefox, and $50,000 (£32,510) for Apple's 64 bit Safari browser running on OS X Yosemite.

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.