Wednesday, June 19, 2024

PWN2OWN 2019 (Day 1) – Ethical Hackers Earned $195,000 for Hacking Sony TV, Amazon Echo, Xiaomi Mi9, Galaxy S10

Day 1 at the world’s expensive hacking contest Pwn2Own Tokyo 2019, researcher hacked well-known products such as Sony TV, NETGEAR Router, TPLINK WiFi Router, Amazon Echo, Xiaomi Mi9, Galaxy S10 and earned $195,000 in a different category.

Pwn2Own is a live hacking contest, in which contestants are challenged to exploit widely-used software and mobile devices, and now it’s organized by Trend Micro’s Zero Day Initiative (ZDI) for ethical hackers and security researchers who have participated from different countries to find and exploit the zero-day vulnerability.

8 unique products participated in seven categories, the vendors offering USD 750,000 in cash and prizes available to the contestants.

This year, ZDI conducting this hacking contest for the second time. At the first event conducted in March, ZDI awarded a total of $545,000 to ethical hackers for reporting 19 unique zero-day bugs in Apple Safari, Microsoft Edge and Windows, VMware Workstation, Mozilla Firefox.

Awarded $195,000 in First Day

Fluoroacetate Team

On the first day, a team called Fluoroacetate (Amat Cama and Richard Zhu ) attempted to exploit Sony X800G TV, and this is the very first time Sony participate in this event. 

Fluoroacetate is a veteran of Pwn2Own, they have already won the first Pwn2Own that held on March 2019. in the event, they earned $375,000, laptops and a car over the contest and resulted in 36 Master of Pwn points. 

At the end of the attempt, Fluoroacetate gets a bind shell due to a JavaScript out-of-bounds (OOB) Read in the embedded web browser and earned USD 15,000 and 2 points.

In the next attempt, the Fluoroacetate team come back and targeted the Home Automation category, in which they selected Amazon Echo Show 5 as a target and used an integer overflow in JavaScript to compromise the device and take control that earned them $60,000 and 6 Master pwn points.

Fluoroacetate team

Again they returned and targeted the Samsung Q60 TV and they attempt was able to use an integer overflow in JavaScript to get a reverse shell from the television. Successful demonstration earned them $20,000 and 2 Master of Pwn points.

In other attempted they hacked Xiaomi Mi9 using a JavaScript bug that jumped the stack to exfiltrate a picture from the Xiaomi Mi9 and earned USD 20,000 and 2 additional Master of Pwn points.

exfiltrated picture from Xiaomi Mi9

In day 1’s Fluoroacetate team Final attempt, they targeted the Samsung Galaxy S10 via the NFC component by used a bug in JavaScript JIT followed by a Use After Free (UAF) to escape the sandbox and grab a picture of the phone which earned them $30,000 and Totally $145,000 in the first day.

Flashback Team

A new team called “Team Flashback” (Pedro Ribeiro and Radek Domanski ) targetted the LAN interface of the NETGEAR Nighthawk Smart WiFi Router (R6700), and successfully exploit a stack-based buffer overflow to get a shell on the router that earned them $5,000 and 0.5 Master of Pwn points.

Team FlashbackPedro Ribeiro and Radek Domanski

Flashback team also attempted to compromise the WAN interface of the NETGEAR Nighthawk Smart WiFi Router (R6700) in the Router category, in result they were able to remotely modify the router’s firmware such that their payload persisted across a factory reset which earned them $20,000 and 1 more Master of Pwn point.

In their final target of the first day, the LAN interface of the TP-Link AC1750 Smart WiFi router. Flashback team exploit the 3 different bugs and earned them $5,000 and .5 Master of Pwn points, in total $30,000 for the first day attempts by Flashback Team.

F-Secure Labs

Researchers ( Mark Barnes, Toby Drew, Max Van Amerongen, and James Loureiro) from F-secure Labs made a final attempt of the first day, and they targeted the Xiaomi Mi9 handset in the Web Browser category, and they gained partial success.

They demonstrate a couple of chained logic bugs which is known to the respective vendor. But the team still receives $20,000 and 2 Master of Pwn points.

End of the first day, 3 teams have been earned $195,000 in total. We keep update you for the upcoming day targets and results. please stay tuned.


Latest articles

Amtrak Data Breach: Hackers Accessed User’s Email Address

Amtrak notified its customers regarding a significant security breach involving its Amtrak Guest Rewards...

Chrome Security Update – Patch for 6 Vulnerabilities

Google has announced a new update for the Chrome browser, rolling out version 126.0.6478.114/115...

Hackers Weaponize Windows Installer (MSI) Files to Deliver Malware

Cybersecurity researchers have uncovered a sophisticated malware campaign orchestrated by a threat actor group,...

Hackers Using VPNs To Exploit Restrictions & Steal Mobile Data

Hackers are offering "free" mobile data access on Telegram channels by exploiting loopholes in...

New PhaaS Platform Lets Attackers Bypass Two-Factor Authentication

Several phishing campaign kits have been used widely by threat actors in the past....

Stuxnet, The Malware That Propagates To Air-Gapped Networks

Stuxnet, a complex worm discovered in 2010, targeted Supervisory Control and Data Acquisition (SCADA)...

Threat Actors Claiming Breach of AMD Source Code on Hacking Forums

A threat actor named " IntelBroker " claims to have breached AMD in June...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles