Researchers Find 63 Zero-Day Bugs at Latest Pwn2Own
Participants at the latest Pwn2Own competition have done their bit to make the digital world safer, after discovering scores of zero-day vulnerabilities in a range of products.
The contest is run by Trend Micro’s Zero Day Initiative (ZDI), the world’s largest vendor-agnostic bug bounty program.
Held at Trend Micro’s offices in Toronto, the three-day autumn competition doled out $934,750 to contestants, who worked to hack software from various manufacturers across several categories. All told, 26 contestants and teams attempted to exploit 66 target products.
This year represented the tenth anniversary of the consumer-focused edition of the competition and featured a new category focusing on Small Office Home Office (SOHO) equipment.
That’s in recognition of the growing threat to systems used by home workers, which may represent an attractive route via which malicious actors can compromise corporate networks.
“We awarded another $55,000 today bringing our contest total to $989,750. Over the contest, we purchased 63 unique zero days,” said the ZDI’s Dustin Childs at the end of the final day.
“The Master of Pwn title came down to the wire, but the team from DEVCORE claimed their second title with winnings of $142,500 and 18.5 points. Team Viettel and the NCC group were close behind with 16.5 and 15.5 points respectively. Congratulations to all the contestants and Pwn2Own winners.”
Among the vendors whose products were hacked by contestants were HP, MikroTik, Sonos, TP-Link, Ubiquiti, Western Digital, Lexmark and Netgear.
Some of the devices targeted included printers, routers, smart speakers, NAS devices and smartphones, such as the Samsung Galaxy S22.
Dozens of teams competed from around the world, both in person and remotely.
The vendors of hacked products will now have 120 days to patch the 63 zero-days found in their offerings before they are publicly disclosed by the ZDI.