Jump to content
  • Hackers earn $989,750 for 63 zero-days exploited at Pwn2Own Toronto

    alf9872000

    • 338 views
    • 2 minutes
     Share


    • 338 views
    • 2 minutes

    Pwn2Own Toronto 2022 has ended with competitors earning $989,750 for 63 zero-day exploits (and multiple bug collisions) targeting consumer products between December 6th and December 9th.

     

    During this hacking competition, 26 teams and security researchers have targeted devices in the mobile phones, home automation hubs, printers, wireless routers, network-attached storage, and smart speakers categories, all up-to-date and in their default configuration.

     

    While no team signed up to hack the Apple iPhone 13 and Google Pixel 6 smartphones, the contestants hacked a fully patched Samsung Galaxy S22 four times.

     

    The STAR Labs team was the first to exploit a zero-day in Samsung's flagship device by executing an improper input validation attack on their third attempt, earning $50,000 and 5 Master of Pwn points.

     

    Another contestant, known as Chim, demoed one more successful exploit targeting the Samsung Galaxy S22 on the first day of the contest.

     

    Security researchers with Interrupt Labs and Pentest Limited also hacked the Galaxy S22 on the second and third days of the competition, with Pentest Limited demonstrating their zero-day exploit in just 55 seconds.

     

    The Pwn2Own Toronto 2022 wrapped up today, on the fourth day of the competition, with contestants earning $989,750 for 63 zero-day exploits across multiple categories.

     

    Throughout the contest, hackers have successfully demoed exploits targeting zero-day bugs in devices from multiple vendors, including Canon, HP, Mikrotik, NETGEAR, Sonos, TP-Link, Lexmark, Synology, Ubiquiti, Western Digital, Mikrotik, and HP.

    You can find the complete schedule of the competition here and the program and results for each day of Pwn2Own Toronto 2022 here.

     

    After the zero-day vulnerabilities exploited during the Pwn2Own event are reported, vendors are given 120 days to release patches before ZDI publicly discloses them.

     

    The DEVCORE team won the contest, earning $142,500 and 18.5 Master of Pwn points. They are followed on the leaderboard by Team Viettel with $82,500 and 16.5 points and NCC Group EDG with $78.750 and 15.5 points.

     

    Pwn2Own%20Toronto%202022%20Final%20Leade

    Pwn2Own Toronto 2022 Final Leaderboard (ZDI)

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...