Tomcat
Professional
- Messages
- 2,687
- Reaction score
- 1,036
- Points
- 113
On the first day of Pwn2Own, an annual competition for hackers, the team earned a total of $ 195,000 for discovering vulnerabilities in TVs, routers and smartphones. As a reminder, this year Pwn2Own is taking place in Tokyo.
This event has been organized by the Trend Micro Zero Day Initiative (ZDI) for several years now. Rewards are provided for researchers - an amount of $ 750,000 was allocated.
Under the terms of the competition, hackers must create working exploits for vulnerabilities in 17 systems.
The first day of Pwn2Own Tokyo 2021 has come to an end. In total, this day we paid out $ 195,000 for 12 vulnerabilities. The experts managed to successfully break through the protection of seven devices belonging to five categories nine times, ”the ZDI post said.
Thus, Amat Kama and Richard Zhu from the Fluoroacetate team earned $ 15,000 for hacking Sony X800G TV. The specialists exploited the JavaScript out-of-bounds read vulnerability in an embedded browser.
In theory, an attacker could use this flaw to install a shell on a device. It would only be necessary to lure the victim to a certain malicious site.
In addition, Kama and Zhu received $ 60,000 for hacking an Amazon Echo device. Another $ 15,000 - for compromising Samsung Q60 TV.
Not without exploits for smartphones. The Fluoroacetate team pocketed $ 20,000 for a vulnerability in the Xiaomi Mi9. According to the scenario described by the researchers, by luring a user to a certain resource, you can extract photos from this smartphone.
Zhu and Kama received another $ 30,000 for the attack, during which they managed to steal a picture from the Samsung Galaxy S10. For this, the experts used NFC.
