Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

IoT Security

Bug Hunters Earn $195,000 for Hacking TVs, Routers, Phones at Pwn2Own

White hat hackers have earned a total of $195,000 for demonstrating vulnerabilities in TVs, routers and smartphones on the first day of the Pwn2Own Tokyo 2019 contest taking place these days alongside the PacSec conference.

White hat hackers have earned a total of $195,000 for demonstrating vulnerabilities in TVs, routers and smartphones on the first day of the Pwn2Own Tokyo 2019 contest taking place these days alongside the PacSec conference.

The event is organized by Trend Micro’s Zero Day Initiative (ZDI) and this edition promises over $750,000 in cash and prizes for exploits targeting one of 17 devices. This is the first Pwn2Own that has invited hackers to demonstrate security holes in the Portal smart display and the Oculus Quest virtual reality headset from Facebook.

Participants made a total of 10 attempts on the first day and a majority of them were successful. Seven attempts have been announced for the second day.

ZDI said the day started with Amat Cama and Richard Zhu of team Fluoroacetate earning $15,000 for hacking a Sony X800G TV by exploiting a JavaScript out-of-bounds read bug in the built-in web browser. An attacker could exploit this flaw to get a shell on the device by convincing the targeted user to visit a malicious website from the TV’s built-in browser.

The same team also earned $60,000 for taking control of an Amazon Echo device through an integer overflow, and $15,000 for getting a reverse shell on a Samsung Q60 TV, also via an integer overflow.

Cama and Zhu also earned $20,000 for managing to exfiltrate a picture from a Xiaomi Mi9 smartphone simply by browsing to a specially crafted website. They also received $30,000 for stealing a picture from a Samsung Galaxy S10 via NFC.

Pedro Ribeiro and Radek Domanski of Team Flashback earned $5,000 for taking control of a NETGEAR Nighthawk Smart WiFi router (R6700) over the LAN interface, and $20,000 for hacking the same router over the WAN interface and remotely modifying its firmware for persistence across a factory reset.

Team Flashback also received $5,000 for a code execution exploit chain against the TP-Link AC1750 Smart WiFi router over the LAN interface.

The last team represented F-Secure Labs and they attempted to hack a TP-Link router and a Xiaomi Mi9 phone. Both attempts were only partially successful, but they still earned $20,000 for showing that they could exfiltrate a photo from the Xiaomi phone. The attempts were only partially successful because some of the bugs they used had already been known to the vendor.

Related: Samsung Galaxy S9, iPhone X Hacked at Pwn2Own Tokyo

Related: IoT Category Added to Pwn2Own Hacking Contest

Related: Pwn2Own 2019: Researchers Win Tesla After Hacking Its Browser

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Vulnerabilities

Several vulnerabilities have been patched in OpenText’s enterprise content management (ECM) product.

Vulnerabilities

Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.