Hacking Competitions Show Vulnerability in Everyday-Use Devices

Share the Post:

During a well-known hacking competition, bug bounty hunters were able to exploit security vulnerabilities in everyday-use devices that most of us have at home and work.

The Pwn2Own Tokyo is a hacking competition celebrated every year. Cybersecurity specialists, most precisely white-hat hackers, compete to find bugs that may be exploited by malicious parties and earn the cash rewards offered by manufacturers.

The 2020 edition of Pwn2Own Tokyo was held virtually due to the ongoing pandemic but this didn’t stop the bug bounty hunters to find and show the exploits, cashing in major rewards in the process.

Hackers’ Success

Coordinated by Trend Micro’s ZDI from Canada, the Pwn2Own Tokyo 2020 brought together talented hackers with a common mission: hack their way into devices and demonstrate to the manufacturers the potential exploits that are available to malicious agents out there.

In this edition of the event, the bug bounty hunters found 23 unique vulnerabilities that were present in six devices. The findings represented $136,000 in rewards for the participant hackers.

As usual, ZDI gave 120 days to the manufacturers and vendors to patch their software before the bugs’ details become public.

The exploits were found in routers, NAS (network-attached storage), and Smart TVs. Team Flashback, the team that got first place in the competition, earned $40,000 by exploiting vulnerabilities in TP-Link and NETGEAR routers, models that are available in the market and are widely used by thousands of users.

DEVCORE, the team that ended up second, hacked Synology and Western Digital NAS products. The findings presented $37,500 in rewards for the hackers.

Trapa Security and STARLabs teams collected $25,000 each by successfully exploiting vulnerabilities in Western Digital and Synology NAS products and a NETGEAR router.

On a side note, many hackers that joined the event also found serious bugs in Smart TVs yet these ones didn’t grant cash rewards as they were known bugs to the community already.

During Pwn2Own Tokyo 2019, hackers focused on routers but also on popular smartphones. Participants found plenty of vulnerabilities yet fewer than in this edition of the event, ultimately cashing in $315,000 in rewards.

Meanwhile, In China

The same weekend the Pwn2Own Tokyo 2020 took place, participants at the Tianfu Cup in China were putting many other devices to the test, with rewards going over $1.2 million.

During this event, highly popular products such as iPhones, Samsung Galaxy S20, Google Chrome, Mozilla Firefox, and VMware hypervisor software were hacked by talented bug bounty hunters. Eight teams were responsible during this edition of the Tianfu Cup for successfully finding serious vulnerabilities in these products.

Their common, lucrative quest of finding these bugs is always a reminder that we, the end-users of many of these products, must be on the lookout as providers can and probably will fail in their promise of keeping our data safe from malicious third parties.

Related Posts

Colonial Pipeline Hack: What We Know So Far

On May 7th, Colonial Pipeline experienced a significant cyberattack that resulted in a total shutdown of its operations, leading to widespread fuel shortages. Shortly thereafter, it became evident that the incident involved ransomware, with reports indicating that the company made a payment of nearly US$5 million to the attackers, which contradicted their public statements. The cybercriminal organization, known as DarkSide, issued an atypical apology, asserting that their motive was profit rather than chaos. As Colonial Pipeline initiates the process of resuming operations, developments concerning DarkSide follow a surprising trajectory. Explore the complete narrative behind this critical cyber incident and its broader implications.

Read More

Ransomware attack halts Sierra Wireless Production Activities

Sierra Wireless, a leader in internet-of-things solutions, recently fell victim to a significant ransomware attack that brought its production activities to a standstill. The incident, which began on March 20th, not only disrupted manufacturing but also affected internal operations and the company’s website. As the team works diligently to restore systems, questions loom about the potential impact on customer data and the overall financial repercussions. With cybersecurity protocols in place, the company remains tight-lipped about the specifics of the attack. Discover how this incident reflects the growing threat of ransomware in today’s digital landscape.

Read More