Slashdot Mirror


Hack Chromebook In Guest Mode, Win $100,000

An anonymous reader writes: Google has once again upped the ante for bug hunters concentrating on Chrome, and is now offering $100,000 to anyone capable of achieving a compromise of a Chromebook or Chromebox (the desktop variant of the Chromebook laptop) with device persistence in guest mode (i.e. guest to guest persistence with interim reboot, delivered via a web page). From Google's Monday announcement: Last year we introduced a $50,000 reward for the persistent compromise of a Chromebook in guest mode. Since we introduced the $50,000 reward, we haven't had a successful submission. That said, great research deserves great awards, so we're putting up a standing six-figure sum, available all year round with no quotas and no maximum reward pool.


  1. Manages high security by Chrisq · · Score: 2

    Manages high security by being very limited. Don't get me wrong, if all you want is a portable machine with a browser then it's great.

    1. Re:Manages high security by mwvdlee · · Score: 1

      In other words; a perfect match for the 50% (rounding down) of humans that are pretty much computer-illiterate.

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    2. Re:Manages high security by LichtSpektren · · Score: 2

      Nowadays there's a web app version of almost everything. A thin client can do a lot of 2016. When you consider the fact that 90% of the human race just wants to use social media, write emails, shop and watch videos, it's not a bad sell.

    3. Re:Manages high security by Scarred+Intellect · · Score: 1

      What?! You mean there's more to the internet than that!? Outrageous! Nobody ever told me that! Where is this mythical world you speak of? Do I search for it in the Facebook search box, or the YouTube one?

    4. Re:Manages high security by infolation · · Score: 1

      90% of the human race just wants to use social media, write emails, shop and watch cat videos

      FTFY

    5. Re:Manages high security by shawn2772 · · Score: 1

      Nowadays there's a web app version of almost everything. A thin client can do a lot of 2016. When you consider the fact that 90% of the human race just wants to use social media, write emails, shop and watch videos, it's not a bad sell.

      Or write documents, build spreadsheets, make presentations, etc. Chromebooks are quite good for the sort of productivity work most people do. I have the option of getting a Pixel2 for work, and it would meet 100% of my work needs, including writing code[*]. Honestly, the only reason I have a Macbook is because I also use it for personal photo and video editing. Oh, and I prefer a local app for tracking my personal finances. I think there are some perfectly adequate online financial management programs, but I don't trust any online service to know everything about my money. However, now that I look, there are several personal finance apps on the Chrome web store... it looks like they store data on Google's servers, but only in encrypted form, and everything of substance happens locally. That could work, too. I'll have to see if any of them are decent.

      I've recommended Chromebooks to lots of college students and they've all been very happy with the choice. My son (in college) has both a Chromebook and a Windows laptop. He uses the Windows laptop for playing games, but prefers the Chromebook for all of his school work, as well as surfing. He likes the Chromebook better.

      [*] Note that in large part this is because company policy doesn't allow code to be stored on laptops anyway. We have fairly good cloud-based tools for editing, building, testing, reviewing and submitting code changes in a web browser, and where those are inadequate we use Chrome Remote Desktop to work remotely on our desktop machines. Without those constraints a regular laptop would be better. Mostly. I work on Android and building it on a laptop is painful to the point of infeasible, so I'd want to use my 64-core behemoth of a desktop anyway.

    6. Re:Manages high security by edtice1559 · · Score: 1

      A limited, functioning machine is better than an unlimited non-functioning machine. You can get many things done with a browser. The point of having a secure guest mode is that you can safely let other people use your device. Also makes it better for setting up things like kiosks.

    7. Re:Manages high security by edtice1559 · · Score: 1

      And a limited machine means they can spend more time doing this and less time maintaining the thing. A car is limited compared to an 18 wheeler, too.

  2. tl;dr description of the contest. by nimbius · · Score: 1

    question: can you hack a hardened, underpowered Linux workstation without root access.
    response: no one hacks an OS anymore, they bolt-on worms, social engineering, flash zero-days and javascript bypasses to steal your credit cards and dick pics.

    --
    Good people go to bed earlier.
    1. Re:tl;dr description of the contest. by LichtSpektren · · Score: 1

      question: can you hack a hardened, underpowered Linux workstation without root access. response: no one hacks an OS anymore, they bolt-on worms, social engineering, flash zero-days and javascript bypasses to steal your credit cards and dick pics.

      That's nice, but you get $100k if you can hack the OS.

  3. GhostShell by Scarred+Intellect · · Score: 1

    I found a job for GhostShell!

  4. Re:I've got an idea for another contest! by LichtSpektren · · Score: 2

    I've got a great idea for another contest. The Slashdot headline for the submission about it could be, "Use Chromebook Productively, Win $100,000".

    As that title states, if somebody can manage to do something even slightly productive (sorry, browsing Facebook doesn't count!) using a Chromebook, they'd get $100,000.

    To be honest, I think there's a greater likelihood of a payout in this security challenge than there would be in that productivity challenge.

    I'd imagine many reporters, secretaries, actors, interpreters/translators, librarians, web developers, etc. could get by just fine with a browser.

  5. Nice to see Google pushing this by sasparillascott · · Score: 2

    Chrome is getting a lot more popular with users and schools in particular, it's nice to see them pushing on the security like this - up to this point it probably hasn't been worth the time of someone to compromise it (from a marketshare standpoint), but that day is coming. It's good Google is trying to stay ahead of that.

  6. Re:I've got an idea for another contest! by IRGlover · · Score: 1

    I'll take cash or a cheque, AC. I've written the bulk of numerous research papers, teaching materials and other learning resources on a Chromebook using Google Drive. Great tools for collaboratively writing materials, before exporting the content for some polishing up in a different piece of software.

  7. Re:I've got an idea for another contest! by 0100010001010011 · · Score: 1

    Heck I do a good 80% of my Python development through a Jupyter Notebook hosted on one of the other machines in my house. I could get by just fine with a browser and ssh client.

  8. Re:What would hacking Guest mode get you? by Luthair · · Score: 2

    Presumably the persistent compromise would affect any logged in user.

  9. Re:What do I get? by pz · · Score: 1

    Punctuation: it's your friend.

    --

    Put my fist through my alarm clock with its ding-dong death inside my ear. - The Blackjacks.
  10. I was surprised it did EVERYTHING my wife wanted by raymorris · · Score: 1

    My wife got a Chromebook to augment / replace her Linux desktop. I set the Chromebook up to boot Ubuntu, but we went ahead and booted ChromeOS once just to check it out. I was surprised to find she never had any reason to boot into Ubuntu. ChromeOS does everything she wants to do with her computer and it's fast.

    Most recently, she's been job hunting. She looks for jobs on the web, edits her resume in Google Docs, fills out PDF forms, all on ChromeOS. It actually does 90% of what I use my computer for too - email, browsing, ssh, and text editing (programming). I'm an old-school programmer who doesn't use an IDE except once every few years when I write in a Microsoft language.

    At my old job, a business I owned, I spent 80% of my time using SSH, which works fine from ChromeOS. At my current job, I run a couple of virtual machines on my computer and the company chat program, so a ChromeBook wouldn't do for work, but at home virtual machines go on the server that has 32 GB of RAM and multiple CPUs anyway. So I'd probably be just fine with a ChromeBook at home too.

  11. Re:I was surprised it did EVERYTHING my wife wante by 110010001000 · · Score: 1

    As an added bonus, Google Inc now has a full profile of your and your wife's life. They know she has been looking for a job, everything. And you only had to pay hundreds of dollars for the privilege. So it is a win/win.

  12. Re:What would hacking Guest mode get you? by softnewsit · · Score: 1

    Root access from guest mode.... what else....

    --
    Go away!
  13. Re:What do I get? by fibonacci8 · · Score: 1

    I highly doubt he and punctuation are even on speaking terms after that post.

    --
    Inheritance is the sincerest form of nepotism.
  14. Re:What would hacking Guest mode get you? by edtice1559 · · Score: 1

    Which is really the point. Is it safe to let somebody use your device in guest mode? Can you trust the device afterward? And, of course, kiosks. If you can reboot to a known state they would be way easier to maintain. There's a whole cottage industry out there of reimaging devices still.

  15. Re:What do I get? by macs4all · · Score: 1

    Punctuation: it's your friend.

    Capitalization: It's your friend.