Pwn2Own Toronto 2022 Results

Pwn2Own

Pwn2Own Toronto 2022 was held on December 9

The results of the four days of the Pwn2Own Toronto 2022 competition, during which 63 previously unknown (0-day) vulnerabilities were demonstrated in mobile devices, printers, smart speakers, storage systems and routers, were released in a post by the Zero Day Initiative (ZDI).

For those unfamiliar with Pwn2Own, it is a hacking contest held annually at the CanSecWest security conference; it was first held in April 2007 in Vancouver.

In this new edition of the contest, 36 security teams and researchers participated. The most successful team, DEVCORE, won $142,500 from the competition. The second-place winner (Team Viettel) received $82,000 and the third-place winner (NCC Group) received $78,000.

During this competition, 26 security teams and researchers targeted devices in the categories of mobile phones, home automation hubs, printers, wireless routers, network-attached storage, and smart speakers, all fully updated and in their default configuration.

“And we're done! All the results from Day Four are below. We're awarding another $55,000 today, bringing our contest total to $989,750. During the contest, we purchased 63 unique zero days. The Master of Pwn title went all the way, but the DEVCORE team claimed their second title with earnings of $142,500 and 18.5 points,” read the post published by ZDI. “The Viettel team and the NCC Group were very close with 16.5 and 15.5 points respectively. Congratulations to all the Pwn2Own contestants and winners.”

On the fourth day of the competition, researcher Chris Anastasio demonstrated a heap-based buffer overflow against the Lexmark printer. He won $10,000 and 1 Master of Pwn point.

During the competition, the following attacks leading to remote code execution on the target devices were demonstrated:

  • Canon imageCLASS MF743Cdw Printer (11 successful attacks, $5,000 and $10,000 bonuses).
  • Lexmark MC3224i Printer (8 attacks, $7,500, $10,000 and $5,000 prizes).
  • HP Color LaserJet Pro M479fdw Printer (5 attacks, $5,000, $10,000 and $20,000 bonuses).
  • Sonos One Speaker Smart Speaker (3 attacks, $22,500 and $60,000 bonuses).
  • Synology DiskStation DS920+ NAS (two attacks, $40 and $000 premiums).
  • WD My Cloud Pro PR4100 NAS (3 prizes of $20 and one prize of $000).
  • Synology RT6600ax Router (5 WAN attacks with premiums of $20 and two premiums of $000 and $5000 for one LAN attack).
  • Cisco C921-4P Integrated Services Router ($37,500).
  • Mikrotik RouterBoard RB2011UiAS-IN router ($100 bonus for multi-stage hacking: Mikrotik router was attacked first, and then, after gaining access to the LAN, the Canon printer).
  • NETGEAR RAX30 AX2400 Router (7 attacks, $1,250, $2,500, $5,000, $7,500, $8,500 and $10,000 bonuses).
  • TP-Link AX1800/Archer AX21 router (WAN attack $20 premium and LAN attack $000 premium).
  • Ubiquiti EdgeRouter X SFP router ($50,000).
  • Samsung Galaxy S22 smartphone (4 attacks, three prizes of $25,000 and one prize of $50,000).

In addition to the successful attacks above, 11 exploitation attempts failed. Rewards were also offered during the competition for hacking Apple's iPhone 13 and Google's Pixel 6, but no attack entries were registered for them, even though the maximum reward for an exploit achieving kernel-level code execution on these devices was $250,000.

It is also worth mentioning the rewards offered for hacking the Amazon Echo Show 15, Meta Portal Go and Google Nest Hub Max home automation hubs, as well as the Apple HomePod Mini, Amazon Echo Studio and Google Nest Audio smart speakers, for which the reward was $60,000.

Under the terms of the competition, the demonstrated vulnerabilities in the various components will not be disclosed publicly for the time being: detailed information about all the demonstrated 0-day vulnerabilities will be published only after 120 days, the period given to manufacturers to prepare updates that fix the vulnerabilities.

The attacks used the latest firmware and operating systems with all available updates and default settings. The total amount of prize money paid was $934,750.

Finally, if you are interested in learning more about this edition of Pwn2Own, you can consult the details in the following link.
