The Zero Day Initiative’s Pwn2Own Toronto 2022 hacking contest has come to an end, with participants earning nearly $1 million for exploits targeting smartphones, printers, routers, NAS devices, and smart speakers.
After the first day, when participants earned $400,000, it seemed that well over $1 million would be awarded by the end of the four-day competition. However, due to the unusually high number of entries — 26 contestants signed up for 66 exploits — ZDI decided to award the full cash prize only to the first winner of each target, with subsequent exploits getting 50% of the prize money.
On the second day, participants took home $280,000, and on the third-day they were awarded roughly $250,000. On the last day, there were many failures and exploits using previously known vulnerabilities and the white hat hackers only won $55,000.
The highest rewards were earned in the new SOHO Smashup category, where a small office / home office (SOHO) scenario is simulated. The goal was to hack a router on the WAN interface and then pivot to the LAN, where a second device needed to be hacked, such as a smart speaker, NAS appliance, or printer.
For SOHO Smashup exploits involving various routers and printers, Pwn2Own participants were awarded a total of $300,000.
Sonos One smart speaker exploits earned more than $100,000. The Samsung Galaxy S22 was also hacked, for a total of $125,000. Google and Apple phones have not been hacked at the event.
Significant prizes, of $40,000 each, were also earned for NAS device hacks. Printer and router hacks were rewarded with between $1,250 and $20,000.
The Devcore team won the event, earning $142,500 and other prizes.
The total amount of money paid out at Pwn2Own Toronto 2022 was $989,750, roughly the same as at last year’s event. At Pwn2Own Vancouver 2022, which took place in May, participants took home $1.1 million for hacking Tesla Model 3, Windows 11, Ubuntu, Microsoft Teams, Safari, Firefox and Oracle VirtualBox.
Related: Printers Hacked for First Time at Pwn2Own
Related: ICS Exploits Earn Hackers $400,000 at Pwn2Own Miami 2022
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Russia Blames US Intelligence for iOS Zero-Click Attacks
- Cisco Acquiring Armorblox for Predictive and Generative AI Technology
- Moxa Patches MXsecurity Vulnerabilities That Could Be Exploited in OT Attacks
- Organizations Warned of Salesforce ‘Ghost Sites’ Exposing Sensitive Information
- Organizations Warned of Backdoor Feature in Hundreds of Gigabyte Motherboards
- Barracuda Zero-Day Exploited to Deliver Malware for Months Before Discovery
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- Zyxel Firewalls Hacked by Mirai Botnet
Latest News
- Russia Blames US Intelligence for iOS Zero-Click Attacks
- Toyota Discloses New Data Breach Involving Vehicle, Customer Information
- Cisco Acquiring Armorblox for Predictive and Generative AI Technology
- Moxa Patches MXsecurity Vulnerabilities That Could Be Exploited in OT Attacks
- Amazon Settles Ring Customer Spying Complaint
- Organizations Warned of Salesforce ‘Ghost Sites’ Exposing Sensitive Information
- Adobe Inviting Researchers to Private Bug Bounty Program
- Critical Vulnerabilities Found in Faronics Education Software
