Xiaomi, Amazon Echo, Sony & Samsung Smart TVs pwned at Pwn2Own

Hackathons are an all-out favorite in the cybersecurity industry for the renewed sense of competing in real time, testing your skill set against the best. Pwn2Own, one such yearly conference, kicked off today in Tokyo with teams competing to exploit bugs in the systems of well-reputed companies.

Pwn2Own follows a format in which successful participants are awarded prize money along with points that count toward the conference’s internal ranking system, which decides the winners at the very end.

Amid all this, one team going by the name of Fluoroacetate managed to gain major victories. It is worth mentioning that Fluoroacetate has a history of sophisticated hacks at Pwn2Own, ultimately making them champions at Pwn2Own 2019 and Pwn2Own 2018, where the team hacked the Xiaomi Mi 6, Samsung Galaxy S9, iPhone X, Apple Safari and the Mozilla Firefox browser.

The duo, comprising Richard Zhu and Amat Cama, started by successfully pwning the Sony X800G Smart TV, targeting its built-in web browser with the help of a JavaScript out-of-bounds (OOB) read bug. This landed them $15000 along with two points.

Team Fluoroacetate doing their magic.

They weren’t done yet, though. Next, they took down the Amazon Echo Show 5 with the help of an integer overflow in JavaScript, earning $60K and 6 points.

Moving on, they compromised the Samsung Q60 Smart TV, bagging $15000 once again along with a couple of points; the Xiaomi Mi9 smartphone, cashing in $20,000 and 2 points; and finally the king of Android, the Samsung Galaxy S10, which brought in $30,000 and 3 points.

Taken together, these hacks have earned them $145,000 and 15 points, upholding the reputation the team has set as the winner of the last 2 contests in previous years.

Other teams also achieved some notable feats. Among them were FSecureLabs, who also compromised Xiaomi’s Mi9, and Team Flashback, who compromised TP-Link’s AC1750 router along with NetGear’s Nighthawk router.

This makes us wonder, though: isn’t there a flaw in the way the cybersecurity departments of these companies operate, given that they haven’t tested potential exploits within their products? Certainly, and this happens every year. Last year, flagship smartphones such as the iPhone X and the Samsung Galaxy S9 were compromised at the very same conference as well.

However, the competition revolves around bug bounty programs offered by these very companies, so that they can continue to protect their products with monetary incentives. As an example, all bugs and flaws found by every team during the entire conference will be handed over to Zero Day Initiative, the organizers of the event, who eventually pass them on to the respective companies.

With the conference making its way on to the second day tomorrow, we expect to see more action and dollars rolling in!
