Pwn2Own Toronto 2022 Day 3: Participants earned nearly $1 million

On the third day of the Zero Day Initiative’s Pwn2Own Toronto 2022 hacking competition, participants earned more than $250,000.

On the third day of the Zero Day Initiative’s Pwn2Own Toronto 2022 hacking competition, participants earned more than $250,000 for demonstrating zero-day attacks against NAS devices, printers, smart speakers, routers, and smartphones.

In the two days, participants earned a total of $681,250 for 46 unique zero-day exploits.

The NCC Group EDG received the biggest award of the day for successfully executing a 2 exploit (command injection, type confusion) attack against the Ubiquiti and the Lexmark printer in the SOHO SMASHUP category. The team earned $50K and 10 Master of Pwn points.

Another successful exploit in the SOHO SMASHUP category @ #P2OToronto #Pwn2Own pic.twitter.com/8Qty12wmU1— Zero Day Initiative (@thezdi) December 9, 2022Team Viettel successfully conducted their OS Command Injection attack against the WD My Cloud Pro Series PR4100 in the NAS category. The team earned $20K and 4 Master of Pwn points.

The STAR Labs team executed a SOHO SMASHUP attack against the Synology router and the Canon printer. The experts used exploits that were seen previously in the competition for this reason their only earned $25K and 5 Master of Pwn points.

Pentest Limited executed an Improper Input Validation attack against the Samsung Galaxy S22 in the Mobile Phone category. They earned $25K and 5 Master of Pwn points.

The results of Day Three are available here.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

try {
window._mNHandle.queue.push(function (){
window._mNDetails.loadTag(“816788371”, “300×250”, “816788371”);
});
}
catch (error) {}

try {
window._mNHandle.queue.push(function (){
window._mNDetails.loadTag(“816788371”, “300×250”, “816788371”);
});
}
catch (error) {}
Pierluigi Paganini

(SecurityAffairs – hacking, Pwn2Own Toronto 2022)

The post Pwn2Own Toronto 2022 Day 3: Participants earned nearly $1 million appeared first on Security Affairs.