Trend Micro's Zero Day Initiative (ZDI) is awarding prize money to ethical hackers for uncovering vulnerabilities in the Pwn2Own hacking competition. There was a reward of almost 58 million euros for finding 1 zero-day vulnerabilities.
The Zero Day Initiative announces the results of the current Pwn2Own competition. At the hacking competition initiated by Trend Micro, which will take place from June 24th to 27th. The event took place in Toronto, Canada on October 58, and participants discovered a total of XNUMX previously unknown zero-day vulnerabilities. Gaps in mobile and IoT consumer products were the focus of the hacking event,
Ethical hackers find zero-day vulnerabilities
Several teams achieved particular success in the smartphone hack of the Samsung flagship Galaxy S23 at the annual competition held in Toronto. The hacking team Pentest Limited was able to execute commands on the device through an improper input validation vulnerability and was rewarded with almost 47.000 euros for this. But the Star Labs SG team also carried out a successful attack and was able to play a video on the device. In total, the participants were able to hack the Samsung Galaxy S23 a total of six times over the four days of the event.
Competition highlights and winners
- Team Viettel carried out a single-bug attack against the Xiaomi 38.000 Pro for prize money of almost 13 euros.
- Team Binary Factory carried out a stack-based buffer overflow attack against Synology BC500 and won approximately 28.000 euros in prize money.
- Team Pentest Limited attacked the WD My Cloud Pro Series PR2 with a 4100-bug chain and received almost 37.000 euros in prize money.
- Nguyen Quoc Viet was rewarded with approximately 18.000 euros for a stack-based buffer overflow attack against the HP Color Laserjet Pro MFP.
- Team Synacktiv performed a heap-based buffer overflow against the Wyze Cam v3 for a prize of 14.000 euros.
The overall winner as “Master of Pwn” was Team Viettel. The five best participants were rewarded with the following prize money:
- Team Viettel (30 points) – $180.000
- Team Orca (Sea Security) (17,25 points) – approximately $116.000
- DEVCORE Intern and Interrupt Labs (both 10 points) – $50.000 each
- Chris Anastasio (9 points) – $100.000
- Pentest Ltd. (9 points) – $90.000
“Trend Micro’s Zero Day Initiative uncovers cyber risks before exploitation can even be considered,” said Kevin Simzer, COO at Trend Micro. “We are very proud that, together with our sponsors Google and Synology, we are raising security standards for the entire industry through our event. We all agree that this proactive approach is critical to staying one step ahead of cybercriminals.”
Pwn2Own took place for the sixteenth time from October 24th to 27th, 2023 in Toronto, Canada. The next Pwn2Own competition, specifically for the automotive industry, will take place in Tokyo in January 2024 and the next regular Pwn2Own will take place in Vancouver in March 2024.
More at Trend Micro at ZeroDayInitiative.com
About Trend Micro As one of the world's leading providers of IT security, Trend Micro helps create a secure world for digital data exchange. With over 30 years of security expertise, global threat research, and constant innovation, Trend Micro offers protection for businesses, government agencies, and consumers. Thanks to our XGen™ security strategy, our solutions benefit from a cross-generational combination of defense techniques optimized for leading-edge environments. Networked threat information enables better and faster protection. Optimized for cloud workloads, endpoints, email, the IIoT and networks, our connected solutions provide centralized visibility across the entire enterprise for faster threat detection and response.