US hackers' carnival shows China's strength in cyberspace protection

A member of 360 Unicorn Team, the cyberspace security engineer team of Qihoo 360 Technology Co, delivers a speech at the DEFCON, known as the secret carnival of global hackers, held in Las Vegas, Nevada. [Photo provided to chinadaily.com.cn]

Numerous members of China-based security teams and geeks' groups showcased their latest tech improvements during the annual BlackHat and DEFCON conventions held in Las Vegas from July 30 to August 8.

Wei Tao from the Baidu X-lab made a speech on the security issue in the globally popular Android platform. He described this issue as "the vulnerability of the ecosystem" and "the blood cancer of the Android OS".

Starting from the vulnerability of the Android kernel, Wei systematically explained how security issues in the Android ecosystem have caused chronic "security diseases."

The Android security mechanism relies heavily on kernel integrity. This underlying security mechanism would collapse in the event of any kernel vulnerability. Once securing control over the kernel, the intruder would be able to easily bypass an app's isolation mechanism and most Android OS security mechanisms.

Offering a solution to this problem, Wei presented Baidu's latest adaptive kernel hot fixing technology, for which it has applied for five patents. This technology is able to automatically match vulnerable points of the targeted Android OS for online hot fixing with no need for the source codes and configurations used to compile the kernel.

This technology has not only greatly enhanced vendors' ability to respond to the highly fragmented Android platform, but also significantly accelerated the process of vendors' pushing kernel security patches to end users. It is able to fix 99.4 percent of Android kernel vulnerable points known in the market, according to Baidu's statistics.

A member of Baidu X-lab, the cyberspace security engineer team of Baidu Inc, delivers a speech at the BlackHat conference, known as top-level conference on information security, held in Las Vegas, Nevada. [Photo provided to chinadaily.com.cn]

Another domestic cyber security pioneer, Qihoo 360 Technology Co, China's largest security software provider, has also participated in the two events. Topics, including security of Power Line Communication (PLC), 4G LTE security and intelligence auto vehicle security, have been raised by the 360 Unicorn Team, a group of industrial leading online security engineers, during the meetings.

Baidu-backed Blue-Lotus is the only team in the Chinese mainland to have entered the finals of DEFCON's CTF contest, the world's top-level hacking competition, and placed among the Top 5 in the rankings.

B1o0ps, the team consisting of Blue-Lotus and 0OPS, defeated Korea-based DefKor, the defending champion, in the finals of DEFCON's CTF contest, and ultimately ranked 2nd with a slight score gap behind US-based PPP, traditionally a strong team.

This is the best performance ever of a Chinese hacker team at the finals of DEFCON's CTF contest.

The BlackHat conference [Photo provided to chinadaily.com.cn]

The BlackHat conference is widely viewed in the information security industry as the top-level, highly technologically intensive conference on information security.

DEFCON is known as the secret carnival of global hackers and as the best representative of the spirit and culture of hacking.

Both hacking events attract researchers from companies and governments, expert hackers from global security companies and research organizations and even officials from US government departments/agencies such as the Department of Defense, the Federal Bureau of Investigation (FBI) and the National Security Agency (NSA).