Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

IoT Security

Over $1.1 Million Awarded at Pwn2Own Vancouver 2022 for 25 Zero-Day Vulnerabilities

Pwn2Own Vancouver 2022

Participants earned a total of more than $1.15 million at the Pwn2Own Vancouver 2022 hacking contest last week.

Pwn2Own Vancouver 2022

Participants earned a total of more than $1.15 million at the Pwn2Own Vancouver 2022 hacking contest last week.

According to Trend Micro’s Zero Day Initiative (ZDI), which organizes the event, rewards were paid out for 25 unique zero-day vulnerabilities that were used to target Tesla Model 3, Windows 11, Ubuntu, Microsoft Teams, Safari, Firefox and Oracle VirtualBox.

A majority of the money was earned on the first day, when researchers demonstrated exploits worth a total of $800,000, including three Microsoft Teams exploit chains that received $150,000 each.

Two teams targeted the Tesla Model 3, but only one of them, representing Synacktiv, was partially successful. The Synacktiv team earned $75,000 for an infotainment system hack, but their exploit leveraged a sandbox escape vulnerability that had already been known.

In the second attempt, a researcher failed to demonstrate their Tesla exploit, but ZDI still decided to acquire the details of the exploit and report them to the carmaker.

Researcher Manfred Paul was the only one to target Mozilla’s Firefox browser and the exploit earned him $100,000. Paul demonstrated his exploit on May 18, and on May 20 Mozilla already announced a Firefox update that should patch the vulnerabilities he disclosed at Pwn2Own. The researcher also earned $50,000 for a Safari hack.

Pwn2Own participants demonstrated six Windows 11 privilege escalation exploits, each worth $40,000. Four Ubuntu exploits and one VirtualBox exploit earned hackers the same amount.

This is the second Pwn2Own taking place this year. In April, at Pwn2Own Miami 2022, which focuses on industrial control systems (ICS), contestants earned a total of $400,000 for their exploits.

Advertisement. Scroll to continue reading.

Related: Printers Hacked for First Time at Pwn2Own

Related: $1.9 Million Paid Out for Exploits at China’s Tianfu Cup Hacking Contest

Related: Serious Vulnerability Exploited at Hacking Contest Impacts Over 200 HP Printers

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Shanta Kohli has been named CMO at Sysdig.

Cloud security firm Sysdig has appointed Sergej Epp as CISO.

F5 has appointed John Maddison as Chief Product Marketing and Technology Alliances Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.