Trend Micro’s Zero Day Initiative’s Pwn2Own Austin 2021 hacking contest has ended, the participants earned a total of $1,081,250 for 61 zero-day exploits. The participants compromised NAS devices, mobile phones, printers, routers, and speakers from Canon, Cisco, HP, NETGEAR, Samsung, Sonos, TP-Link, and Western Digital.
This edition is the largest Pwn2Own to date, the participants earned $362,500 on the first day of the contest, $415,000 on the second day, $238,750 on the third day, and $60,000 on the last day.
The highest bounties were paid out for zero-day exploits for Sonos One smart speaker, two teams earned $60,000 each for code execution issues.
Congratulation to the Synacktiv team that won the contest and earned $197,000 for their zero-days and 20 Master of Pwn points.
For the first time in the history of the hacking contest, white hat hackers demonstrated zero-day exploits for printers. The participants demonstrated 11 printer hacks, on the third day a team hacked an HP LaserJet printer to play the AC/DC’s Thunderstruck song.
In this edition participants also hacked the Samsun Galaxy S21, Sam Thomas (@_s_n_t) from team Pentest Limited (@pentestltd) demonstrated a zero-day exploit chain for the latest Android 11 earning $50,000.
There was also one partially successful attempt to hack the Samsung Galaxy S21, Mr L and Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss) of STARLabs Team used an exploit chain that included a bug known by the vendor. They still earn $25,000 and 2.5 Master of Pwn points.
The day-by-day results for the Pwn2Own Austin 2021 are available here.
(SecurityAffairs – hacking, supply chain attack)