SOHO Exploits Earn Hackers Over $100,000 on Day 3 of Pwn2Own Toronto 2022

Trend Micro’s Zero Day Initiative (ZDI) announced total payouts nearing $1 million after the first three days of Pwn2Own Toronto 2022, and there is one day left to go.

On the third day of the event, participants earned a total of $253,500 for hacking NAS devices, printers, smart speakers, routers, and smartphones. ZDI said $681,000 was paid out in the first two days.

The new SOHO Smashup category earned participants the highest amounts on the third day. In this category, a small office / home office (SOHO) scenario is simulated, with the goal being to hack a router on the WAN interface and then pivoting to the LAN, where a second device needs to be hacked, such as a smart speaker, NAS appliance, or printer.

A team representing NCC Group earned $50,000 for hacking a Ubiquiti router and a Lexmark printer in a SOHO Smashup attack. The Star Labs team earned $25,000 for an attack targeting a Synology router and a Canon printer. Team Viettel was awarded $37,500 for a hack involving a Cisco router and a Canon printer.

The last Samsung Galaxy S22 exploit of this Pwn2Own earned a participant $25,000. In total, white hat hackers were awarded $125,000 for Galaxy S22 vulnerabilities disclosed at the event. Google and Apple phones have not been targeted.

Also on the third day, $20,000 rewards were earned by participants for Sonos One smart speaker and WD NAS appliance exploits.

Eleven attempts are scheduled for the last day. They target printers and routers.

Related: Pwn2Own Toronto 2022, Day 2: Smart Speaker Exploits Earn Big Chunk of $280,000 Total

Related: Pwn2Own Toronto 2022, Day 1: Hackers Earn $400,000 for Galaxy S22, SOHO Exploits

Related: Over $1.1 Million Awarded at Pwn2Own Vancouver 2022 for 25 Zero-Day Vulnerabilities