The Pwn2Own Toronto 2022 hacking contest has started; this year marks the 10th anniversary of the consumer-oriented competition. On the first day of Pwn2Own Toronto 2022, reports of the Samsung Galaxy S22 hack made a splash.
The full cash prize and the devices under test will be given to the first winner on each criterion. All other winners will receive 50% of the prize money for the second and subsequent rounds on each target, but they will still be awarded the full number of Master of Pwn points.
Samsung Galaxy S22 Hacked
On their third attempt, STAR Labs successfully used their improper input validation exploit against the Samsung Galaxy S22. They earn $50K and 5 Master of Pwn points.
Chim successfully carried out an improper input validation attack on the Samsung Galaxy S22. As this was round two, they receive $25K and 5 Master of Pwn points.
The Galaxy S22 devices in both instances ran the most recent version of the Android operating system with all available updates installed, in accordance with the contest’s regulations.
In the Router category, Interrupt Labs was able to execute 2 bugs (SQL injection and command injection) against the LAN interface of the NETGEAR RAX30 AX2400. They earn $5K and 1 Master of Pwn point.
Also in the Router category, Claroty Research successfully executed 5 separate bugs in an attack against the LAN interface of the NETGEAR RAX30 AX2400. They receive $25,000 and 1 Master of Pwn point.
The HP Color LaserJet Pro M479fdw in the Printer category was the target of the third and last stack-based buffer overflow attack carried out by Interrupt Labs researchers. $20K and 2 Master of Pwn points are awarded to them.
Nettitude was able to execute their Stack-based Buffer Overflow attack against the Canon imageCLASS MF743Cdw in the Printer category. They earn $20K and 2 Master of Pwn points.
The Claroty Research team chained 3 bugs (2x Missing Auth for Critical Function and an Auth Bypass) in an attack against the Synology DiskStation DS920+ in the NAS category. They earned $40K and 4 Master of Pwn points.
Details of Pwn2Own Toronto Competition
In Pwn2Own Toronto, security researchers can attack smart speakers, wireless routers, printers, home automation hubs, mobile phones, and other devices, all of which are fully up to date and in their default configuration.
Competitors successfully demonstrated exploits that target zero-day flaws in printers and routers from a variety of manufacturers, including Canon, Mikrotik, NETGEAR, TP-Link, Lexmark, Synology, and HP.
The largest rewards are in the mobile phone category, where researchers can receive cash awards of up to $200,000 for hacking the Google Pixel 6 and Apple iPhone 13 smartphones.
The competition has been extended to four days (between December 6th and December 8th) after 26 teams and competitors signed up to exploit 66 targets in all categories.