Pierluigi Paganini
December 09, 2022
On the third day of the Zero Day Initiative’s Pwn2Own Toronto 2022 hacking competition, participants earned more than $250,000 for demonstrating zero-day attacks against NAS devices, printers, smart speakers, routers, and smartphones.
In the two days, participants earned a total of $681,250 for 46 unique zero-day exploits.
The NCC Group EDG received the biggest award of the day for successfully executing a 2 exploit (command injection, type confusion) attack against the Ubiquiti and the Lexmark printer in the SOHO SMASHUP category. The team earned $50K and 10 Master of Pwn points.
Another successful exploit in the SOHO SMASHUP category @ #P2OToronto #Pwn2Own pic.twitter.com/8Qty12wmU1
— Zero Day Initiative (@thezdi) December 9, 2022
Team Viettel successfully conducted their OS Command Injection attack against the WD My Cloud Pro Series PR4100 in the NAS category. The team earned $20K and 4 Master of Pwn points.
The STAR Labs team executed a SOHO SMASHUP attack against the Synology router and the Canon printer. The experts used exploits that were seen previously in the competition for this reason their only earned $25K and 5 Master of Pwn points.
Pentest Limited executed an Improper Input Validation attack against the Samsung Galaxy S22 in the Mobile Phone category. They earned $25K and 5 Master of Pwn points.
The results of Day Three are available here.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Pwn2Own Toronto 2022)
[adrotate banner=”5″]
[adrotate banner=”13″]
