19 C
Jaipur
Friday, October 30, 2020

PWN2OWN Tokio 2019 – Ethical Hackers Earned $315,000

Must read

amazon app quiz: Amazon app quiz October 30, 2020: Get answers to these five questions to win Rs 15,000 in Amazon Pay balance

As part of today’s app quiz, Amazon is giving a chance to win Rs 15,000 in Amazon Pay balance. Daily...

​Amazon sale: Power banks, earbuds and other accessories available at up to 88% discount

​Amazon sale: Power banks, earbuds and other accessories available at up to 88% discount Source link

Want WhatsApp features before others? Here's step-by-step guide to become a beta tester

Want WhatsApp features before others? Here's step-by-step guide to become a beta tester Source link

How To Use pulseaudio-dlna To Stream Audio From Ubuntu 20.10 To Chromecast Devices

pulseaudio-dlna is a streaming server which allows streaming audio from your Linux computer to a Chromecast or DLNA / UPNP device in the same...

In this first day, Ethical hackers earned $195,000 by exploiting the vulnerabilities that reside in the different products, In the second and final day of Pwn2Own Tokyo 2019, researchers made 6 attempts in various categories and earned $315,000 in total 2 days of this contest.

In the first entry of day 2, Team Fluoroacetate (Amat Cama and Richard Zhu) attempt to exploit the Samsung Galaxy S10 in the mobile category.

“Their rogue base station used a stack overflow to push their file onto the target handset. The successful demonstration earned them $50,000 and 5 Master of Pwn points and this is 3 rd time Samsung handset has been compromised via baseband”

In the next attempt, Fluoroacetate targeted the NETGEAR Nighthawk Smart WiFi Router (R6700) and successfully demonstrate the vulnerability.

In the next attempt, Pedro Ribeiro and Radek Domanski of team Flashback came back to target the WAN port of the TP-Link AC1750 Smart WiFi router.

They successfully exploit the bug using a stack overflow combined with a logic bug to gain code execution on the device that earned them $20,000 and one more points towards Master of Pwn.

In a total of 2 days contest, Team Flashback earned a total of $50,000 for four successful demonstrations.

Pedro Ribeiro of Team Flashback demonstration

Another Team from F-Secure Labs back to attack the WAN interface of the TP-Link AC1750 Smart WiFi router and they successfully demonstrate the combined command injection bug along with some insecure defaults to gain code execution on the device.

They also showed off their LED light skills by having the front of the router play “snake” for us. Style points asides, the successful demonstration earned them $20,000 and one Master of Pwn point.

In the next attempt, F-secure Team targeted the Xiaomi Mi9 handset via the NFC component.

” In order to exfiltrate a photo from the phone, they tapped it to their specially crafted NFC tag. That triggered a cross-site scripted (XSS) bug in the NFC component and sent a picture to a different phone they controlled.”

F-secure Team Final attempt earned them $30,000 and a total of $70,000 that take them to the second place of this contest.

Finally, Fluoroacetate holds the 18.5 points with $195,000 and retained their title of Master of Pwn.

Overall, we awarded more than $315,000 USD total over the two-day contest while purchasing 18 different bugs in the various products. ZDI said.

All the reported bugs in this contest have been notified to the respective vendors, now they have 90 days deadline to patch all these vulnerabilities that affected their products.

The next Pwn2Own event going to be conducted in Miami. Contest registration closes at 5:00 p.m. Eastern Standard Time on January 17th, 2020.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and Hacking News update.

Source link

- Advertisement -

More articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest article

amazon app quiz: Amazon app quiz October 30, 2020: Get answers to these five questions to win Rs 15,000 in Amazon Pay balance

As part of today’s app quiz, Amazon is giving a chance to win Rs 15,000 in Amazon Pay balance. Daily...

​Amazon sale: Power banks, earbuds and other accessories available at up to 88% discount

​Amazon sale: Power banks, earbuds and other accessories available at up to 88% discount Source link

Want WhatsApp features before others? Here's step-by-step guide to become a beta tester

Want WhatsApp features before others? Here's step-by-step guide to become a beta tester Source link

How To Use pulseaudio-dlna To Stream Audio From Ubuntu 20.10 To Chromecast Devices

pulseaudio-dlna is a streaming server which allows streaming audio from your Linux computer to a Chromecast or DLNA / UPNP device in the same...

Nokia cuts full-year profit forecast, announces new strategy – Latest News

STOCKHOLM/HELSINKI: Nokia cut its full-year profit forecast even as the telecom network equipment maker's quarterly underlying profit met expectations in its first earnings under...