Sunday, March 3, 2013

Untouchable ChromeOS: Can the Pwn2Own 2013 Hackers Crack It?

By Dietrich T. Schmitz

It's time for the annual CanSecWest 2013 conference this week.  Each year, a Pwn2Own Contest is held to challenge Hackers (Black Hats) to find a way around the security of Browsers running on Microsoft Windows and Apple OSX hardware.

The newest entry in this challenge is Google's ChromeOS Samsung 550 Series 5 Laptop.  This is a first for Linux.  Google's confidence and swagger is evident with a prize purse of $3.14M (pi) awaiting any hacker who can provide a proof of concept exploit which succeeds in penetrating what Google claims is the world's safest operating system.

Google's success in selling Chromebook's took a leap in 2012 and with each new OEM the growth of their market share advances.  The OEM list now includes Samsung, Acer, Lenovo, Hewlett-Packard, and, now the most recent entry, Google Pixel.

It's time for all of the doubters and nay-sayers to look on to see the results.

Attempts to marginalize Linux fail as the Chromebook sales continue their growth spurt.  It's a success story 'in-progress' in several ways.  Chromebook is both easy to use and hard to break.  The cost (excluding Pixel) puts the Chromebook within reach of those who might not otherwise be able to afford a computer--witness the Acer C7 Chromebook selling for $199.

In fact, the Chromebook was the best-selling Laptop over the 2012 Holidays for Amazon.  And, Acer, who have been less than enamored by Microsoft's recent foray into hardware manufacturing (Surface), have enjoyed strong sales of their C7 in the backdrop of lackluster sales of Windows 8-equipped hardware.

Google's Chromebook is not only claimed to be the most secure Laptop on the market, it is indisputably the quickest to bootstrap (instant on with SSD) and nearly impossible to break.  This makes having a Chromebook quite attractive to a large swath 'mass market' of individuals who simply want to be safe and just use something with little or no steep learning curve.  It is, for all intents and purposes, an Internet Appliance.

Is ChromeOS the safest operating system as Google claims?

We shall soon find out.

My wager is that there will be not one successful exploit against ChromeOS.

Pwn2Own runs from March 6th through March 8th.

-- Dietrich

Enhanced by Zemanta


  1. A couple years back, Ubuntu withstood this same onslaught unscathed and one of the hacker teams sniffed. "if we had 20 more minutes, it would have gone down hard."

    Well, that 20 minutes was up,,,let's see now, uh...oh yeah, TWO years ago.

    They must have lost track of what they were doing and forgot.

  2. There are going to be some seriously bruised egos in the aftermath. No more shooting fish in a barrel.

  3. I seriously doubt whether Chrome can be broken. It will be fun to see them try.

  4. This will be the needed validation and a big punctuation mark (!) for Linux and an eye opener for many who have had their eyes shut closed for too long.