Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

White Hat Hackers Earn $500,000 on First Day of Pwn2Own Ireland 2024

Pwn2Own Ireland 2024 participants have earned half a million dollars on the first day for hacking NAS devices, cameras, speakers and printers.

White hat hackers taking part in the Pwn2Own Ireland 2024 contest organized by Trend Micro’s Zero Day Initiative (ZDI) have earned half a million dollars on the first day of the event, for exploits targeting NAS devices, cameras, printers and smart speakers.

The highest single reward, $100,000, was earned by Sina Kheirkhah of Summoning Team, who chained a total of nine vulnerabilities for an attack that went from a QNAP QHora-322 router to a TrueNAS Mini X storage device.

Another exploit chain involving the QNAP QHora-322 and TrueNAS Mini X products was demonstrated by Viettel Cyber Security, but this team earned only $50,000. 

A significant reward was also earned by Jack Dates of RET2 Systems, who received $60,000 for hacking a Sonos Era 300 smart speaker.

QNAP TS-464 and Synology DiskStation DS1823XS+ NAS device exploits earned $40,000 each for two different teams. 

Participants also successfully demonstrated exploits against the Lorex 2K WiFi, Ubiquity AI Bullet, and Synology TC500 cameras, and HP Color LaserJet Pro MFP 3301fdw and Canon imageCLASS MF656Cdw printers. These attempts earned the hackers between $11,000 and $30,000. 

According to ZDI, a total of $516,250 was paid out on the first day of Pwn2Own Ireland for over 50 unique vulnerabilities.

Over the next days, in addition to cameras, NAS devices, smart speakers and printers, contestants will attempt to demonstrate exploits targeting a Samsung Galaxy S24 phone and an AeoTec Smart Home Hub.

Pwn2Own Ireland 2024 also includes a messaging app category, with up to $300,000 offered for a zero-click WhatsApp exploit. Prizes of up to $250,000 were offered for Pixel 8 and iPhone 15 exploits. However, it appears that there are no entries targeting these products. 

Advertisement. Scroll to continue reading.

Related: Second Pwn2Own Automotive Contest Offers Over $1 Million in Prizes 

Related: VMware Patches Vulnerabilities Exploited at Pwn2Own 2024

Related: Google Patches Chrome Flaw That Earned Hackers $42,500 at Pwn2Own

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Karl Triebes has joined Ivanti as Chief Product Officer.

Steven Hernandez has joined USAID as CISO and Deputy CIO.

Data security and privacy firm Protegrity has named Michael Howard as its CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.