Pwn2Own – Ethical Hackers Hacked Samsung Galaxy S9, iPhone X, Xiaomi Mi6 & Got Reward $325,000

Group of White hat hackers compromised Samsung Galaxy S9, iPhone X,  Xiaomi Mi6 and earned $325,000 in Pwn2Own, two days Hacking completion in Tokyo 2018 organized by Trend Micro’s Zero Day Initiative (ZDI).

They discovered 18 Zero-day vulnerabilities in this event by various Team of White Hat hackers from different countries in this two days contest.

Researchers targeted various Phone models and successfully exploiting the vulnerabilities that exist in Samsung Galaxy S9, iPhone X, and the Xiaomi Mi6.

The First-day Hacking Completion

On the first day, the team Fluoroacetate successfully exploiting the Xiaomi Mi6 handset via NFC that was achieved using the touch-to-connect feature.

This vulnerability can be exploited by forcing users to open the web browser and navigate to their specially crafted webpage where the webpage exploited an Out-Of-Bounds write in web assembly to get code execution and they earned $30,000 USD along with 6 Pwn points.

On the same day, they returned and targeting the Samsung Galaxy S9 and successfully performed heap overflow in the baseband component to get code execution and earned another $50,000 USD with 15 Pwn points.

Fluoroacetate team returned 3rd time and targeting the iPhone X over Wi-Fi and successfully exploiting it using Pair of bugs ” a JIT vulnerability in the web browser followed by an Out-Of-Bounds write for the sandbox escape and escalation” and they earned $60,000 USD with 10P pwn points.

Finally, they earned $140,000 USD on the first day itself along with the Master of Pwn with 31 points and leader of the Pwn.

Another Team from MWR Labs comes to target the Xiaomi Mi6 and successfully exploiting by installing an application via JavaScript, bypass the application whitelist, and automatically start the application on the first day itself. there are 5 bugs were used together and compromised  Xiaomi Mi6 and they earned $30,000 USD with 6 Pwn points.

In another attempt made by MWR Labs Samsung Galaxy S9 and successfully exploit it over Wi-Fi using three different bugs.

According to ZDI press release, They forced the phone to a captive portal without user interaction, then used an unsafe redirect and an unsafe application load to install their custom application Although their first attempt failed, they nailed it on their second try to earn $30,000 USD and 6 more Master of Pwn points.

Final entry by a White hat hacker Michael Contreras came and exploiting the type confusion in JavaScript and earned $25,000 USD and 6 Master of Pwn points.

End of the day  Fluoroacetate (Amat Cama and Richard Zhu)duo has the lead in Master of Pwn points with 31, while MWR Labs is second place with 12.

The Second-day Hacking Completion

Fluoroacetate duo team starts the second day of the event and again they target the iPhone x and fortunately they attempted the successful exploitation using by combining a JIT bug in the browser along with an Out-Of-Bounds Access to exfiltrate data from the phone.

This exploit leads an attacker to delete the picture from the victims iPhone X and they earned $50,000 and 8 more points.

Again they came back to attack Xiaomi Mi6 and successfully exploit it using an integer overflow in the JavaScript engine to exfiltrate a picture from the phone by targeting the web browser in Xiaomi Mi6 model and earned $25,000 USD again and 6 Master of Pwn points.

MWR Labs team come back again in the second day and they target Xiaomi Mi6 handset where they exploit a combined bug that helps to install the silent app in Mi6 and load the custom app to exfiltrate pictures and earned $25,000 USD and 6 additional points.

According to ZDI in the second day, Fluoroacetate team successfully exploit five out of six successful demonstrations is pretty remarkable and we’re happy to announce the Fluoroacetate duo of Amat Cama and Richard Zhu have earned the title Master of Pwn!

Overall ZDI awarded $325,000 USD total over the two-day contest and they purchasing 18 0-day exploits.