On the first day of the Pwn2Own Toronto 2022 hacking competition, participants earned a total of $400,000 for new exploits targeting phones, printers, routers and NAS devices.
The competition organized by Trend Micro’s Zero Day Initiative (ZDI) offers significant prizes for hacking mobile phones, wireless routers, home automation hubs, printers, smart speakers, and NAS devices.
The highest single reward on the first day went to the Devcore team, which participated in several Pwn2Own contests in the past years. They earned $100,000 for hacking a MikroTik router and a Canon printer connected to the router.
This reward is part of a new Pwn2Own category called “SOHO Smashup”, where a small office / home office (SOHO) scenario is simulated, with the goal being to hack a router on the WAN interface and then pivoting to the LAN, where a second device is hacked, such as a NAS appliance, a smart speaker, or a printer.
The team Neodyme also had a successful entry in the SOHO Smashup category, earning $50,000 for hacking a Netgear router and an HP printer.
The Star Labs team also earned $50,000, for hacking a Samsung Galaxy S22 smartphone. A participant named Chim also managed to hack the Samsung phone, for a reward of $25,000.
Researchers at industrial and IoT cybersecurity firm Claroty earned $40,000 for hacking a Synology DiskStation NAS device.
There were also multiple $20,000 rewards for hacking Canon, HP and Lexmark printers, and TP-Link and Synology routers. Two teams earned $10,000 each for Synology NAS and HP printer hacks.
Excluding the SOHO Smashup entry, Netgear router exploits earned smaller rewards. For some contestants, including Tenable, their Netgear exploits were neutralized just days before the competition started by a last-minute hotfix released by the vendor.
Pwn2Own Toronto 2022 spans four days, with 26 contestants signing up for 66 exploits. ZDI said the number is unprecedented, and it has decided to only award the full cash prize to the first winner of each target, with subsequent exploits getting 50% of the prize money.
Related: Over $1.1 Million Awarded at Pwn2Own Vancouver 2022 for 25 Zero-Day Vulnerabilities
Related: Microsoft Teams Exploits Earn Hackers $450,000 at Pwn2Own 2022
Related: $200,000 Awarded for Zero-Click Zoom Exploit at Pwn2Own

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Industry Reactions to Hive Ransomware Takedown: Feedback Friday
- US Reiterates $10 Million Reward Offer After Disruption of Hive Ransomware
- Hive Ransomware Operation Shut Down by Law Enforcement
- UK Gov Warns of Phishing Attacks Launched by Iranian, Russian Cyberspies
- Dozens of Cybersecurity Companies Announced Layoffs in Past Year
- Security Update for Chrome 109 Patches 6 Vulnerabilities
- New Open Source OT Security Tool Helps Address Impact of Upcoming Microsoft Patch
- Forward Networks Raises $50 Million in Series D Funding
Latest News
- Critical Vulnerability Impacts Over 120 Lexmark Printers
- BIND Updates Patch High-Severity, Remotely Exploitable DoS Flaws
- Industry Reactions to Hive Ransomware Takedown: Feedback Friday
- Microsoft Urges Customers to Patch Exchange Servers
- Iranian APT Leaks Data From Saudi Arabia Government Under New Persona
- US Reiterates $10 Million Reward Offer After Disruption of Hive Ransomware
- Cyberattacks Target Websites of German Airports, Admin
- US Infiltrates Big Ransomware Gang: ‘We Hacked the Hackers’
