Researchers Discover Over 70 Zero-Day Bugs at Pwn2Own Ireland


A team from Vietnam scooped the top prize at the very first Pwn2Own Ireland event on Friday, with over $1m in awards handed out by Trend Micro’s Zero Day Initiative (ZDI) for dozens of new discoveries.

The popular hacking competition set up camp in Trend Micro’s Cork office for the first time last week, with competitors discovering and demonstrating exploits for over 70 zero-day vulnerabilities. These will now be responsibly disclosed to the relevant vendors for patching.

Viettel Cyber Security was the overall winner, scooping $205,000 in prize money for exploits of a TrueNAS Mini X enterprise storage solution, a Lorex 2K WiFi camera, a QNAP QHora-322 router, a Sonos Era 300 speaker, a HP Color LaserJet Pro MFP printer, a Lexmark CX331adwe printer and a QNAP TS-464 NAS storage device.

However, the true winners of the competition will be end users of the products targeted by the contestants, as they should in time benefit from more secure kit.

Read more on Pwn2Own: Pwn2Own Contest Unearths Dozens of Zero-Day Vulnerabilities

A growing number of manufacturers are getting involved in the competition in order to place their products in front of a highly motivated bunch of ethical hackers.

For the first time, Pwn2Own welcomed Meta as a sponsor this year, although no teams were able to find a workable exploit for WhatsApp in a new Messenger App category of the competition. It is zero-click vulnerabilities like this that commercial spyware makers are notorious for finding and exploiting for their customers.

The next event is slated for January 22 2025, and will take place, as per this year, in Tokyo. In the Japanese capital, competitors will be tasked with finding exploits for vulnerabilities in automotive systems, with the following categories: Tesla, In-Vehicle Infotainment (IVI), Electric Vehicle Chargers, and Operating Systems.

In March this year, a team of French security researchers won a Tesla Model 3 and $200,000 after finding and exploiting a zero-day vulnerability in a vehicle’s electronic control unit (ECU).



Source link

Leave a Comment