Man
Professional
- Messages
- 3,222
- Reaction score
- 810
- Points
- 113
White hackers are breaking the smart home and creating new banknotes.
In Ireland, the third day of the Pwn2Own 2024 hacking competition continues, where white hat hackers have identified 11 new zero-day vulnerabilities. The prize pool of the event increased by $124,750 and reached $874,875.
Pwn2Own is an international competition where leading cybersecurity experts try to find vulnerabilities in various software and hardware devices, aiming to win the title of "Master of Pwn" and win a prize of up to $1 million.
On the first day, hackers found 52 zero-day vulnerabilities, and on the second day, another 51. The third day was marked by successful performances by the Viettel Cyber Security, DEVCORE, and PHP Hooligans/Midnight Blue teams.
Banknote printed on a hacked Lexmark printer (source: Zero Day Initiative)
Later, Viettel Cyber Security was successful again, exploiting the Type Confusion vulnerability in the Lexmark CX331adwe printer, which added $20,000 and 2 points to their credit.
However, the day was not without unsuccessful attempts:
Overall rating of the teams (source: @thezdi)
On the fourth day, there are only 15 attempts left, and although most of the prize pool has already been distributed, participants can compete for the remaining $125,000. At the end of three days, the Viettel Cyber Security team became the leader in the rating. So far, 114 zero-day vulnerabilities have been identified in the competition, confirming the importance of such events in improving the security of consumer devices.
Source
In Ireland, the third day of the Pwn2Own 2024 hacking competition continues, where white hat hackers have identified 11 new zero-day vulnerabilities. The prize pool of the event increased by $124,750 and reached $874,875.
Pwn2Own is an international competition where leading cybersecurity experts try to find vulnerabilities in various software and hardware devices, aiming to win the title of "Master of Pwn" and win a prize of up to $1 million.
On the first day, hackers found 52 zero-day vulnerabilities, and on the second day, another 51. The third day was marked by successful performances by the Viettel Cyber Security, DEVCORE, and PHP Hooligans/Midnight Blue teams.
- The day began with the triumph of the Viettel Cyber Security team, which, with the help of an injection team, was able to hack the QNAP TS-464 NAS. For the attack, the hackers received $10,000 and 4 points in the Master of Pwn rating.
- DEVCORE combined CRLF injection, authentication bypass, and SQL injection to seize control of Synology BeeStation. The actions brought the team $20,000 and 4 points.
- The PHP Hooligans/Midnight Blue team, using over-boundary write vulnerabilities and memory management errors, carried out the "SOHO Smashup" attack, which made it possible to switch from the QNAP QHora-322 router to the Lexmark printer and print arbitrary banknotes. For the find, the team earned $25,000 and 10 Master of Pwn points.
Banknote printed on a hacked Lexmark printer (source: Zero Day Initiative)
Later, Viettel Cyber Security was successful again, exploiting the Type Confusion vulnerability in the Lexmark CX331adwe printer, which added $20,000 and 2 points to their credit.
However, the day was not without unsuccessful attempts:
- STEALIEN Inc. was able to compromise the Lorex camera, but since the vulnerability had already been exploited earlier, the team received only $3,750 and 1.5 points.
- Viettel Cyber Security also encountered a collision using a stack overflow to hack into a Canon printer previously demonstrated by another participant. For this, the team received $5,000 and 1 point.
- Viettel Cyber Security and ANHTUD faced a lack of time when they tried to hack the Ubiquiti AI Bullet, but did not have time to complete the attack before the end of the allotted time.
Overall rating of the teams (source: @thezdi)
On the fourth day, there are only 15 attempts left, and although most of the prize pool has already been distributed, participants can compete for the remaining $125,000. At the end of three days, the Viettel Cyber Security team became the leader in the rating. So far, 114 zero-day vulnerabilities have been identified in the competition, confirming the importance of such events in improving the security of consumer devices.
Source
