PWN2OWN 2019

Day 1 at the world’s expensive hacking contest Pwn2Own Tokyo 2019, researcher hacked well-known products such as Sony TV, NETGEAR Router, TPLINK WiFi Router, Amazon Echo, Xiaomi Mi9, Galaxy S10 and earned $195,000 in a different category.

Pwn2Own is a live hacking contest, in which contestants are challenged to exploit widely-used software and mobile devices, and now it’s organized by Trend Micro’s Zero Day Initiative (ZDI) for ethical hackers and security researchers who have participated from different countries to find and exploit the zero-day vulnerability.

8 unique products participated in seven categories, the vendors offering USD 750,000 in cash and prizes available to the contestants.

This year, ZDI conducting this hacking contest for the second time. At the first event conducted in March, ZDI awarded a total of $545,000 to ethical hackers for reporting 19 unique zero-day bugs in Apple Safari, Microsoft Edge and Windows, VMware Workstation, Mozilla Firefox.

Awarded $195,000 in First Day

Fluoroacetate Team

On the first day, a team called Fluoroacetate (Amat Cama and Richard Zhu ) attempted to exploit Sony X800G TV, and this is the very first time Sony participate in this event. 

Fluoroacetate is a veteran of Pwn2Own, they have already won the first Pwn2Own that held on March 2019. in the event, they earned $375,000, laptops and a car over the contest and resulted in 36 Master of Pwn points. 

At the end of the attempt, Fluoroacetate gets a bind shell due to a JavaScript out-of-bounds (OOB) Read in the embedded web browser and earned USD 15,000 and 2 points.

In the next attempt, the Fluoroacetate team come back and targeted the Home Automation category, in which they selected Amazon Echo Show 5 as a target and used an integer overflow in JavaScript to compromise the device and take control that earned them $60,000 and 6 Master pwn points.

Fluoroacetate team

Again they returned and targeted the Samsung Q60 TV and they attempt was able to use an integer overflow in JavaScript to get a reverse shell from the television. Successful demonstration earned them $20,000 and 2 Master of Pwn points.

In other attempted they hacked Xiaomi Mi9 using a JavaScript bug that jumped the stack to exfiltrate a picture from the Xiaomi Mi9 and earned USD 20,000 and 2 additional Master of Pwn points.

exfiltrated picture from Xiaomi Mi9

In day 1’s Fluoroacetate team Final attempt, they targeted the Samsung Galaxy S10 via the NFC component by used a bug in JavaScript JIT followed by a Use After Free (UAF) to escape the sandbox and grab a picture of the phone which earned them $30,000 and Totally $145,000 in the first day.

Flashback Team

A new team called “Team Flashback” (Pedro Ribeiro and Radek Domanski ) targetted the LAN interface of the NETGEAR Nighthawk Smart WiFi Router (R6700), and successfully exploit a stack-based buffer overflow to get a shell on the router that earned them $5,000 and 0.5 Master of Pwn points.

Team FlashbackPedro Ribeiro and Radek Domanski

Flashback team also attempted to compromise the WAN interface of the NETGEAR Nighthawk Smart WiFi Router (R6700) in the Router category, in result they were able to remotely modify the router’s firmware such that their payload persisted across a factory reset which earned them $20,000 and 1 more Master of Pwn point.

In their final target of the first day, the LAN interface of the TP-Link AC1750 Smart WiFi router. Flashback team exploit the 3 different bugs and earned them $5,000 and .5 Master of Pwn points, in total $30,000 for the first day attempts by Flashback Team.

F-Secure Labs

Researchers ( Mark Barnes, Toby Drew, Max Van Amerongen, and James Loureiro) from F-secure Labs made a final attempt of the first day, and they targeted the Xiaomi Mi9 handset in the Web Browser category, and they gained partial success.

They demonstrate a couple of chained logic bugs which is known to the respective vendor. But the team still receives $20,000 and 2 Master of Pwn points.

End of the first day, 3 teams have been earned $195,000 in total. We keep update you for the upcoming day targets and results. please stay tuned.

Leave a Reply