Tianfu Cup 2023: Still a Thing
China’s premier hacking competition returns with a more inward-looking focus but sustained interest in Western tech majors’ vulnerabilities.
Tianfu Cup (TFC) 2023, China’s prestigious answer to the annual hacking competition Pwn2Own, took place from October 31 to November 1 this year in Chengdu, Sichuan Province. Compared with the previous competition, this year’s event generated little overseas media coverage or chatter among overseas security researchers. Nevertheless, Natto Team observed some noteworthy changes and features in this year’s Tianfu Cup.
What is the Tianfu Cup and How Did it Catch Western Media Attention Previously?
Tianfu Cup, officially described as a hacking competition and international cybersecurity summit, was born in 2018 at a time of upheaval in China’s approach to information security research. China had prohibited its own security researchers from participating in international hacking competitions, and Chinese industry experts proposed to the government that vulnerabilities should be considered national strategic resources, as Natto Thoughts has discussed here. Chinese technology giants including Alibaba, Tencent, and Baidu founded the Tianfu Cup in November 2018. It offers attractive prizes to researchers who discover vulnerabilities: participants earned a total of US$1 million in 2018, $500,000 in 2019, $1.2 million in 2020, and $1.9 million in 2021. It serves as part of China’s talent pipeline to identify and nurture the country’s “combat talent”. By 2021, the Chinese government was openly drawing attention to the Tianfu Cup; that year a cyber security summit, held as part of the hacking competition, attracted participants in the security field from the military, central and local governments, government research institutes, and the Ministry of Public Security. (See Chapter 8 of The Emergence of China’s Smart State.)
In its first years, the Tianfu Cup competition target list – that is, the list of devices and systems that competitors are invited to try hacking – focused on foreign products. At TFC 2018, a team from 360Security, a subsidiary of Qihoo360, won first place. (For more on Qihoo360’s role in China’s military cyber capabilities, see this Natto Thoughts report.) The team discovered and successfully exploited zero-day vulnerabilities in Apple Safari, iPhone X, Google Chrome, Microsoft Edge, Microsoft Office, and Oracle VirtualBox. At TFC 2021, teams continued to focus on popular Western products such as Windows 10, Microsoft Exchange Server, Chrome, VMware Workstation, and iPhone 13 Pro.
The Tianfu Cup’s focus on seeking vulnerabilities in foreign products has caught the attention of Western media and security researchers, who have speculated on its significance. Some pointed out that the Tianfu Cup competition “demonstrated (China’s) continued ability to hold Western systems and networks at risk.” In addition, Chinese nation-state hackers have likely been taking advantage of vulnerabilities and exploits discovered at the TFC for strategic use. In at least one reported case that alarmed Western security researchers, exploits demonstrated at the TFC reappeared in Chinese cyber espionage campaigns. In May 2021, MIT Technology Review reported that one of the Apple iOS vulnerabilities and exploits showcased at TFC 2018 had been used in Chinese cyber espionage campaigns against the Uyghurs, the Chinese Muslim minority in the Xinjiang region. The vulnerability was exploited two months before it was disclosed and fixed.
TFC 2022 Postponed Then Never Happened
After Western media reported widely on TFC 2021, the organizer of the TFC announced on January 6, 2022 that it was postponing TFC 2022 to “a later date to be announced,” due to “the competition venue, environment and other factors.” In the end, Tianfu Cup 2022 never took place.
However, Chinese researchers still had an opportunity to earn prizes for exploiting vulnerabilities that year. China-based Tencent Keen Security Lab hosted a hacking contest called Geekpwn, at which a researcher from Ant Security found an exploit for the VMware virtual machine escape vulnerability CVE-2022-31705. (A virtual machine escape is when a program running inside a virtual machine can break out of it and interact with the host machine.)
Meanwhile, security researchers continued discovering incidents possibly related to the Tianfu Cup. For example, Microsoft Digital Defense Report 2022 noted that Microsoft Exchange vulnerability CVE-2021-42321 was revealed during Tianfu Cup 2021. Only three days later, Microsoft’s security researchers observed this exploit being used in the wild. Microsoft’s RiskIQ team observed 61,559 instances of systems that could potentially be affected by this exploit, active and on the Internet, at the time it was disclosed. They continued to observe exploitation activity through at least November 2021.
TFC 2023 Targets Switch to a Domestic Product Focus
After skipping 2022, the Tianfu Cup came back in 2023 with a new look. The TFC 2023 webpage has dropped its English-language version and is now in Chinese only, although it still refers to TFC as an “international hacking competition.” The organizers claim this year’s competition set a number of “firsts” compared with previous competitions. For the first time, the competition included major Chinese security protection products and office and system products. It was the first time domestic mainstream security vendors provided product support for the competition, the first time well-known university teams participated in product hacking competitions, and the first time a technical supervisory committee was established. Notably, participants in this year’s competition were younger than before, with many from Gen-Z – people born between 1996 and 2010.
Of particular interest is the new focus on discovering vulnerabilities and exploits in domestic products, not just foreign ones. Among the 26 listed competition targets that participants could try to crack, only five were foreign products: the Chrome browser, Adobe PDF Reader, VMware Workstation, VMware ESXi, and Windows 11. Not surprisingly, the TFC organizers boasted of the participants’ “breakthroughs” in exploiting vulnerabilities in all of these. The rest of the targets were domestic products such as the XiaoMi 13 Pro mobile phone, the office product WPS, the security product Sangfor AF, the cloud services Tencent Cloud TDSQL and Huawei Cloud Hadoop, and 360 Extreme Browser X. The organizers revealed that “the participating teams demonstrated world-class level in the competition by using techniques such as joint exploitation of multiple vulnerabilities.”
TFC 2023 Follows “Responsible Vulnerability Disclosure Procedure”
The Tianfu Cup, as a Pwn2Own-style hacking competition, has since its inception used the classic rules established by the Pwn2Own hacking contest. The TFC organizers announced their targets three to four months before the competition. During this period, participants prepared exploits that they would execute on stage on devices provided by the organizers. On the day of the competition, participants had three 5-minute attempts to run their exploits, and they could register to hack multiple devices if they wished to increase their winnings.
Compared to the previous TFC competitions, the competition rules of the TFC 2023 added two new sections: exploit demonstration review process and vulnerability reporting and disclosure process. In the exploit demonstration review process, the TFC organizers designated a technical supervisory committee consisting of seven advisors who are highly regarded in the industry to make the final decision in the case of any disagreements between the participants and the judges, who were representatives from the target vendors and the organizers. The rules also stated, “the vulnerabilities exploited (in the competitions) cannot be disclosed to any other third party, including the target software vendor and sponsor, prior to the review; otherwise, the participants will not be able to receive the award.”
In the vulnerability reporting and disclosure process section, the rules stated, “the organizing committee follows responsible vulnerability disclosure procedure.” According to this procedure, “The vulnerability discoverers report the vulnerabilities first,” and “after the vendors fix the vulnerabilities, the vendors then announce the relevant vulnerability information and release the patch.” However, the language of the rules does not clarify to whom the researchers should report the vulnerabilities: to the vendors, the organizing committee, or some other organization? Later in the section, the rules stated, “the vulnerabilities need to be explicitly reported to the vendors before the competition, and no individual or organization is allowed to publicly disclose information about the vulnerability details before the vendors release patches for those vulnerabilities.” The confusion remains over who reports the vulnerabilities to the vendors: the participants, or the organizing committee? At the end of the section, the rules for the competition phase state that if vendors participate as on-site judges, the vendor representatives can determine whether an exploit demonstration is successful. Subsequently, participants submit the vulnerability-related documentation for further review by the organizing committee judges. These judges “share the document using the competition special equipment and encrypt the document to share with the vendors.” The rules add: “The vendors should provide patches for the vulnerabilities within a specified period of time after receiving the vulnerabilities and make public disclosure of the vulnerability details after patches are released.”
Judging from these rules, it appears that participating vendors can judge whether the exploitation of a vulnerability is valid. However, judges from the organizing committee have the final say in validating the competition results and in sharing the full documentation of the vulnerabilities with vendors.
TFC 2023 Results: Two Teams Successfully Hacked VMware Products and Won the Top Awards
The TFC 2023 organizers did not release much detail on the competition results. The TFC 2023 website showed that, among the 62 participating teams, Ant Group Light-year Lab received the award for hacking the most valuable product, for successfully exploiting VMware ESXi. CyAgent received the most innovative breakthrough award for exploiting VMware Workstation. Ant Group’s Light-year Lab also won the overall first prize, CyAgent the second prize, and K the third prize. The TFC organizers did not disclose the affiliations of CyAgent and K. Ant Security Lab published an article on its WeChat public account after the competition to elaborate on the success of its Light-year Lab at the TFC this year. The article indicated that the Light-year Lab completed five hacking targets: VMware ESXi, the Chrome browser, Adobe, Windows 11 and the Chinese-made office product WPS.
However, the organizers did not disclose the results of attempts on any other domestic targets. Thus, despite the greater focus on Chinese-made target products, the top prizes still went to exploits against Western products.
TFC 2023: Did Target Vendors Participate in the TFC Proactively?
As described above, previous TFCs focused on foreign products. The Tianfu Cup organizers have never revealed whether target vendors collaborated with the organizers or gave permission for the use of their products as competition targets. As for the domestic target vendors of TFC 2023 (see screenshot below), most of these companies were also its organizers; that is, these vendors participated in TFC 2023 proactively. This could mean these vendors agreed to provide their products as targets for participants to discover and exploit vulnerabilities. As to the target products associated with the US companies Google, Adobe, VMware, and Microsoft, the question is whether these companies participated in TFC 2023 proactively and knowingly.
The Natto Team’s research shows that VMware did. On October 23, VMware announced that VMware “will be returning to the Tianfu Cup hacking contest,” and “attend and validate any demonstrations of a VMescape,” referring to a virtual machine escape exploit. On October 31, the first day of the TFC 2023, VMware updated the announcement to state, “all attempts on our products in the 2023 Tianfu Cup contest are over. … Two teams, Ant Lab and Cyber Agent, have been successful with their attempts on ESXi and Workstation.” From reading between the lines of VMware’s announcement, it seems VMware had proactively participated in the previous TFC (2021) as well.
As of the time of this writing, the Natto Team was not able to verify whether Google, Adobe and Microsoft have given permission to the TFC organizers to use their products as targets or have collaborated at any point with the competition. On November 14, 2023, the Google Chrome team released Chrome browser security fixes for CVE-2023-5996. The vulnerability was credited to “Huang Xilin of Ant Group Light-Year Security Lab, reported via Tianfu Cup 2023 on 2023-10-30.” This confirmed that the Chrome browser was successfully exploited at TFC 2023, which matched what the Light-year Lab reported on its WeChat account. It also suggests that Google’s Chrome team became aware of the vulnerability one day before the competition – or possibly on the first day of the competition, October 31, because of the time zone difference. According to the competition rules of TFC 2023, the Google Chrome team could have had technical representatives on site to verify the exploits. However, neither the TFC 2023 organizers nor Google revealed this information. The competition results of TFC 2023 did not show whether the Chrome browser had been successfully targeted.
Microsoft’s November Patch Tuesday, on November 14, released patches for three zero-day vulnerabilities, but none of them were credited to TFC 2023. Adobe has no recent vulnerability patch advisory credited to TFC 2023 either.
What are the Concerns?
Traditionally, a hacking contest such as Pwn2Own does not always need permission or any sort of collaboration from vendors to list their products as targets. The common mutual understanding is that organizers of hacking contests disclose the discovered 0day (previously unreported) vulnerabilities to the affected vendors. In the case of the Tianfu Cup, Western technology companies have noted with concern that past competitions primarily targeted Western products and that the Apple iOS exploit demonstrated at TFC 2018 was used in Chinese cyber espionage campaigns against Uyghurs two months before the vulnerability was disclosed and fixed, as described above. Western experts suspect that the Chinese government could use the discovered vulnerabilities offensively; in the past, TFC organizers stated that one of the criteria for selecting product hacking targets was “the special impact on our country.”
In addition, the Chinese government values vulnerabilities so highly that it requires Chinese researchers not to divulge the vulnerabilities they discover until after they have informed Chinese government authorities. China’s 2021 vulnerability management regulations obligate network product suppliers to report the vulnerability to the government within 2 days of discovering or learning of a vulnerability in their product. For example, Chinese researchers announced vulnerabilities in VMware products at the October 2021 Tianfu Cup, but VMware did not release patches for these vulnerabilities until February 2022, almost four months later. VMware’s patch announcement indicated “these vulnerabilities were reported to the Chinese government by the researchers that discovered them, in accordance with their laws.” This suggested the Chinese researchers followed the regulation on the management of security vulnerabilities by delaying their reporting to VMware until well after they reported to the Chinese government. (See chapter 8 of The Emergence of China’s Smart State).
In contrast, in 2023 the Google Chrome team seemingly waited barely a day, rather than four months, to release fixes for the above-mentioned vulnerability discovered at this year’s TFC. Nevertheless, Chinese vulnerability management regulations are still in place. Could this just be an exception? As of this writing, the Natto Team has not seen VMware release any fixes for the vulnerabilities discovered in this year’s TFC.
The Tianfu Cup’s X (Twitter) account was last updated on July 15, 2021, with a post advertising its 2021 event and the list of targets. Since then, the Tianfu Cup seems to have distanced itself from Western social media. Removing the English-language version from its website further isolates it from the international information security community. However, the 2023 competition still gave its highest awards to exploits targeting the products of US technology companies, showing continued intense interest in Western IT vulnerabilities. Are we seeing a trend here?