Trend Micro’s Zero Day Initiative (ZDI) announced total payouts nearing $1 million after the first three days of Pwn2Own Toronto 2022, and there is one day left to go.
On the third day of the event, participants earned a total of $253,500 for hacking NAS devices, printers, smart speakers, routers, and smartphones. ZDI said $681,000 was paid out in the first two days.
The new SOHO Smashup category earned participants the highest amounts on the third day. In this category, a small office / home office (SOHO) scenario is simulated, with the goal being to hack a router on the WAN interface and then pivoting to the LAN, where a second device needs to be hacked, such as a smart speaker, NAS appliance, or printer.
A team representing NCC Group earned $50,000 for hacking a Ubiquiti router and a Lexmark printer in a SOHO Smashup attack. The Star Labs team earned $25,000 for an attack targeting a Synology router and a Canon printer. Team Viettel was awarded $37,500 for a hack involving a Cisco router and a Canon printer.
The last Samsung Galaxy S22 exploit of this Pwn2Own earned a participant $25,000. In total, white hat hackers were awarded $125,000 for Galaxy S22 vulnerabilities disclosed at the event. Google and Apple phones have not been targeted.
Also on the third day, $20,000 rewards were earned by participants for Sonos One smart speaker and WD NAS appliance exploits.
Eleven attempts are scheduled for the last day. They target printers and routers.
Related: Pwn2Own Toronto 2022, Day 2: Smart Speaker Exploits Earn Big Chunk of $280,000 Total
Related: Pwn2Own Toronto 2022, Day 1: Hackers Earn $400,000 for Galaxy S22, SOHO Exploits
Related: Over $1.1 Million Awarded at Pwn2Own Vancouver 2022 for 25 Zero-Day Vulnerabilities