From the beginning, GeekPwn always walk in the forefront of technology.
In 2014, GeekPwn started and set no limit on PWN targets. In GeekPwn 2015, we set special PWN sessions for finger print recognition, SSL/TLS protocol, etc. In GeekPwn 2016, we begin to notice AI has security issues. We invited the inventor of GAN, Ian Goodfellow to GeekPwn 2016 Silicon Valley site to share his research on GAN. In GeekPwn 2016 Shanghai site, contestant built robot and steal information from air-gapped computers.
In 2017, GeekPwn will continue to explore AI security and set special AI Security session. We welcome more AI geeks' participation.
Again, GeekPwn invites you, talented geeks. Let's break the limitation of minds and show your great power.
Smart devices, IoT products in public markets are all acceptable PWN targets. Contestant with no privileges can get system control, access private data or break through original security mechanisms in reasonable attack conditions.
A printer is infected by a malware. That malware can transfer data from the air-gapped network to a drone through laser.
Through analyzing the movement of user's palm recorded by wearable device, attacker may know user's password for accessing ATM machine, Electronic access control and enterprise servers.
More PWN Everything examples like camera, POS machine, drone, robot, smart watch, smart lock, smart bike etc. are available at GeekPwn Hall of Fame
As AI is progressing rapidly, people begin to consider more about it. From security geeks' view, AI can be PWNed or become assistant tool in PWN.
The special AI Security session wants 2 types of submissions. PWN AI and AI PWN.
For all public AI Services, Products, Libraries, Frameworks, if you can exploit vulnerabilities to make the AI system or component stop working, or lead the AI system or component make wrong decisions, please register. The target areas include Computer Vision, Voice Recognition, Natural Language Processing, Autonomous Driving, Malware Detection, etc. The target AI frameworks include mainstream frameworks like TensorFlow, TorchNet, Caffe, etc.
Use special algorisms to create adversarial pictures based on original ones. While human beings recognize them correctly, some public picture classification services or software make wrong decision.
Use any face to unlock a phone with facial recognition.
Exploit vulnerabilities in autonomous driving system, make the system unable to detect some specific obstacles.
Exploit vulnerabilities in AI framework, make deployed AI system stop working in some specific situations.
Contestant takes AI (Various algorisms in Computer Vision, Voice Recognition, Natural Language Processing, Autonomous Driving, etc.) as primary or assistant method in hacking process to break the limit of target system. Therefore the original functions of target system stop working, or information leaked.
Using AI method for speech synthesis, simulate the target people's voice and pass target authentication system with high probability.
Using AI method to determine the hand actions from video clips to identify the password input with high correct recognition rate.
Using AI method to identify complex CAPTCHA with high correct recognition rate.
Online registration: Please submit registration form online【Register】.
First round evaluation: GeekPwn Committee will evaluate according to the submit form in 5 business days.
Second round evaluation: GeekPwn Committee will determine if the registration is accepted. Once accepted, GeekPwn Committee will prepare device (or AI products) and presentation environment.
Registration deadline: September 30th(Shanghai);October 10th, 2017(Silicon Valley)
For any questions, please send email to email@example.com
What is GeekPwn?
GeekPwn is an international security community focusing in smart life. GeekPwn is held by KEEN every May 12th and Oct 24th to provide chances for security geeks to show their talents.
Who can sign up GeekPwn? How?
Anyone can sign up, as long as the submitted project meets laws and ethics, and is accepted by the committee. Please find corresponding application forms here, fill the form and submit. The committee will issue 2 rounds of reviews then decide if the application is accepted.
What kind of vulnerabilities would be accepted by GeekPwn?
From IoT, Smart devices, to AI services, any successful compromises of security restrictions have chances to be accepted. You can learn more about our past winner and their targets through Hall of Fame.
Who will provide the devices in the project?
All the target devices(or AI products)are provided by GeekPwn committee. The committee will purchase the target devices according to the contestants' request. The day before the contest, the contestants can upgrade the target devices under the supervision of the judge panel, to make its software/firmware version meet the requirement of GeekPwn. All the attacking devices are taken along by the contestants themselves, including computers, software tools, hardware tools, etc.
What's the requirement for the target devices' software/firmware version?
According to the rules, the device should be patched with official updates, and the version should be equal to or newer than the version on 30 days before the contest.
Is network access provided in the contest?
Yes, in the contest GeekPwn committee will provide dedicated network for the project through both wired and wireless access. The dedicated network is specified for a certain project, and isn't shared with other projects or spectators. The contestant can determine whether the network is connected to internet. The contestants can bring their own network devices as backup. But they are only allowed to use under the permission of the judge panel.
Is there a limit on the number of submissions for a single contestant/group? Can a contestant submit multiple exploits for different products?
No, there isn't a limit. You can submit as many as you can.
What if my target is not listed in GeekPwn's scope in the official website?
The targets listed on the page is just for reference and enlightening. Any new ideas of Pwning is welcomed.
I cannot participate this time, but I know someone who can.
Please tell us by filling the form . If the recommended application wins in GeekPwn, you will get extra 10% of the prize as the recommendation reward.
What's new in GeekPwn 2017 Carnival?
You can see new match types, geek shows, and PWN of AI.