The Zero Day Initiative’s Pwn2Own Toronto 2022 hacking contest has come to an end, with participants earning nearly $1 million for exploits targeting smartphones, printers, routers, NAS devices, and smart speakers.

After the first day, when participants earned $400,000, it seemed that well over $1 million would be awarded by the end of the four-day competition. However, due to the unusually high number of entries — 26 contestants signed up for 66 exploits — ZDI decided to award the full cash prize only to the first winner of each target, with subsequent exploits getting 50% of the prize money.

On the second day, participants took home $280,000, and on the third-day they were awarded roughly $250,000. On the last day, there were many failures and exploits using previously known vulnerabilities and the white hat hackers only won $55,000.

The highest rewards were earned in the new SOHO Smashup category, where a small office / home office (SOHO) scenario is simulated. The goal was to hack a router on the WAN interface and then pivot to the LAN, where a second device needed to be hacked, such as a smart speaker, NAS appliance, or printer.

For SOHO Smashup exploits involving various routers and printers, Pwn2Own participants were awarded a total of $300,000.

Sonos One smart speaker exploits earned more than $100,000. The Samsung Galaxy S22 was also hacked, for a total of $125,000. Google and Apple phones have not been hacked at the event.

Significant prizes, of $40,000 each, were also earned for NAS device hacks. Printer and router hacks were rewarded with between $1,250 and $20,000.

The Devcore team won the event, earning $142,500 and other prizes.

The total amount of money paid out at Pwn2Own Toronto 2022 was ​​$989,750, roughly the same as at last year’s event. At Pwn2Own Vancouver 2022, which took place in May, participants took home $1.1 million for hacking Tesla Model 3, Windows 11, Ubuntu, Microsoft Teams, Safari, Firefox and Oracle VirtualBox.

By Eduard Kovacs on Mon, 12 Dec 2022 11:07:20 +0000
Original link