Saturday, July 20, 2024

Pwn2Own – Ethical Hackers Hacked Samsung Galaxy S9, iPhone X, Xiaomi Mi6 & Got Reward $325,000

Group of White hat hackers compromised Samsung Galaxy S9, iPhone X,  Xiaomi Mi6 and earned $325,000 in Pwn2Own, two days Hacking completion in Tokyo 2018 organized by Trend Micro’s Zero Day Initiative (ZDI).

They discovered 18 Zero-day vulnerabilities in this event by various Team of White Hat hackers from different countries in this two days contest.

Researchers targeted various Phone models and successfully exploiting the vulnerabilities that exist in Samsung Galaxy S9, iPhone X, and the Xiaomi Mi6.

The First-day Hacking Completion

On the first day, the team Fluoroacetate successfully exploiting the Xiaomi Mi6 handset via NFC that was achieved using the touch-to-connect feature.

This vulnerability can be exploited by forcing users to open the web browser and navigate to their specially crafted webpage where the webpage exploited an Out-Of-Bounds write in web assembly to get code execution and they earned $30,000 USD along with 6 Pwn points.

On the same day, they returned and targeting the Samsung Galaxy S9 and successfully performed heap overflow in the baseband component to get code execution and earned another $50,000 USD with 15 Pwn points.

Fluoroacetate team returned 3rd time and targeting the iPhone X over Wi-Fi and successfully exploiting it using Pair of bugs ” a JIT vulnerability in the web browser followed by an Out-Of-Bounds write for the sandbox escape and escalation” and they earned $60,000 USD with 10P pwn points.

Finally, they earned $140,000 USD on the first day itself along with the Master of Pwn with 31 points and leader of the Pwn.

Another Team from MWR Labs comes to target the Xiaomi Mi6 and successfully exploiting by installing an application via JavaScript, bypass the application whitelist, and automatically start the application on the first day itself. there are 5 bugs were used together and compromised  Xiaomi Mi6 and they earned $30,000 USD with 6 Pwn points.

In another attempt made by MWR Labs Samsung Galaxy S9 and successfully exploit it over Wi-Fi using three different bugs.

According to ZDI press release, They forced the phone to a captive portal without user interaction, then used an unsafe redirect and an unsafe application load to install their custom application Although their first attempt failed, they nailed it on their second try to earn $30,000 USD and 6 more Master of Pwn points.

Final entry by a White hat hacker Michael Contreras came and exploiting the type confusion in JavaScript and earned $25,000 USD and 6 Master of Pwn points.

End of the day  Fluoroacetate (Amat Cama and Richard Zhu)duo has the lead in Master of Pwn points with 31, while MWR Labs is second place with 12.

The Second-day Hacking Completion

Fluoroacetate duo team starts the second day of the event and again they target the iPhone x and fortunately they attempted the successful exploitation using by combining a JIT bug in the browser along with an Out-Of-Bounds Access to exfiltrate data from the phone.

This exploit leads an attacker to delete the picture from the victims iPhone X and they earned $50,000 and 8 more points.

Again they came back to attack Xiaomi Mi6 and successfully exploit it using an integer overflow in the JavaScript engine to exfiltrate a picture from the phone by targeting the web browser in Xiaomi Mi6 model and earned $25,000 USD again and 6 Master of Pwn points.

MWR Labs team come back again in the second day and they target Xiaomi Mi6 handset where they exploit a combined bug that helps to install the silent app in Mi6 and load the custom app to exfiltrate pictures and earned $25,000 USD and 6 additional points.

According to ZDI in the second day, Fluoroacetate team successfully exploit five out of six successful demonstrations is pretty remarkable and we’re happy to announce the Fluoroacetate duo of Amat Cama and Richard Zhu have earned the title Master of Pwn!

Overall ZDI awarded $325,000 USD total over the two-day contest and they purchasing 18 0-day exploits.


Latest articles

Hackers Claiming Dettol Data Breach: 453,646 users Impacted

A significant data breach has been reported by a threat actor known as 'Hana,'...

CrowdStrike Update Triggers Widespread Windows BSOD Crashes

A recent update from cybersecurity firm CrowdStrike has caused significant disruptions for Windows users,...

Operation Spincaster Disrupts Approval Phishing Technique that Drains Victim’s Wallets

Chainalysis has launched Operation Spincaster, an initiative to disrupt approval phishing scams that have...

Octo Tempest Know for Attacking VMWare ESXi Servers Added RansomHub & Qilin to Its Arsenal

Threat actors often attack VMware ESXi servers since they accommodate many virtual machines, which...

TAG-100 Actors Using Open-Source Tools To Attack Gov & Private Orgs

Hackers exploit open-source tools to execute attacks because they are readily available, well-documented, and...

macOS Users Beware Of Weaponized Meeting App From North Korean Hackers

Meeting apps are often targeted and turned into weapons by hackers as they are...

Hackers Exploiting Legitimate RMM Tools With BugSleep Malware

Since October 2023, MuddyWater, which is an Iranian threat group linked to MOIS, has...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles