Sonos, HP, and Canon units hacked at Pwn2Own Austin 2021

0
125


Picture: Zero Day Initiative/BleepingComputer
In the course of the first day of Pwn2Own Austin 2021, contestants received $362,500 after exploiting beforehand unknown safety flaws to hack printers, routers, NAS units, and audio system from Canon, HP, Western Digital, Cisco, Sonos, TP-Hyperlink, and NETGEAR.
At Pwn2Own Austin (beforehand referred to as Pwn2Own Cellular), safety researchers will goal cellphones, printers, routers, network-attached storage, sensible audio system, televisions, exterior storage, and different units, all updated and of their default configuration.
The one exception is Western Digital’s 3TB My Cloud Residence Private Cloud NAS system, because it nonetheless runs a beta software program launch.
Researchers can win the highest rewards within the cell phone class, the place they’ll get money prizes of as much as $150,000, with a $50,000 bonus if their iPhone or Pixel browser exploits execute with kernel-level privilege, bringing the utmost award for a single problem to a complete of $200,000.
Pwn2Own Austin’s consumer-focused occasion was prolonged to 4 days after 22 totally different contestants registered for 58 whole entries. The whole schedule contest could be discovered right here.

The DEVCORE and THEORI groups had been those who earned the best rewards throughout the first day of Pwn2Own in Austin.
DEVCORE’s Orange Tsai (@orange_8361), Angelboy (@scwuaptx), and Meh Chang (@mehqq_) received a complete of $100,000 after taking on the Sonos One Speaker and the Canon ImageCLASS MF644Cdw and HP Shade LaserJet Professional MFP M283fdw printers.
The THEORI Staff (@theori_io) earned one other $80,000 after hacking Western Digital’s My Cloud Professional Collection PR4100 and 3TB My Cloud Residence Private Cloud NAS units.
Samsung Galaxy S21 was the one system that escaped unscathed after Ken Gannon (@yogehi) of F-Safe Labs could not get his exploit to work throughout the allotted time.
The complete schedule for Pwn2Own Austin 2021’s first day and the outcomes following every problem are listed right here.
Over $1 million received at Pwn2Own Vancouver 2021
This yr’s earlier Pwn2Own contest happened in Vancouver, and it ended on April 9, 2021, with contestants incomes a document $1,210,000 for exploits and exploits chains focusing on merchandise within the net browsers, virtualization, servers, native escalation of privilege, and enterprise communications classes over three days.
The entire prize pool for the competitors was over $1,500,000 in money and included a Tesla Mannequin 3 left unclaimed after no group signed as much as hack the Tesla automotive this yr.
Pwn2Own Vancouver 2021 ended with a tie between Staff DEVCORE, OV, and Computest’s Daan Keuper and Thijs Alkemade, every of them incomes $200,000.
Staff Fluoroacetate received the primary Tesla Mannequin 3 at Pwn2Own after hacking its Chromium-based infotainment system throughout the 2019 competitors.
Additionally they earned $375,000 after efficiently demoing exploits and exploit chains focusing on Apple Safari, Oracle VirtualBox, VMware Workstation, Mozilla Firefox, and Microsoft Edge.