Info@NationalCyberSecurity

Unveiling the Hacking Feats and Their Impact


The recently concluded Pwn2Own Toronto 2023 hacking competition, organized by Trend Micro’s Zero Day Initiative (ZDI), witnessed an impressive display of skill from security researchers. These experts uncovered a staggering total of 58 zero-day exploits, along with multiple bug collisions, within consumer products. This remarkable achievement earned them a grand total of $1,038,500.

The event focused on testing the vulnerability of mobile and IoT devices, targeting a diverse range of products. Notable devices on the list included the Apple iPhone 14, Google Pixel 7, Samsung Galaxy S23, Xiaomi 13 Pro, and various other mobile phones. Additionally, the competition aimed to expose flaws in printers, wireless routers, network-attached storage (NAS) devices, home automation hubs, surveillance systems, smart speakers, and Google’s Pixel Watch and Chromecast devices. All of these devices were tested in their default configuration and running the latest security updates.

Among the achievements, the Pentest Limited team wielded their expertise to execute a zero-day exploit on the Samsung Galaxy S23. Demonstrating their prowess, they took advantage of an improper input validation weakness, resulting in code execution. For their accomplishment, they earned a $50,000 cash prize and 5 Master of Pwn points.

Another noteworthy contender, the STAR Labs SG team, also managed to successfully exploit the Samsung Galaxy S23 by leveraging a permissive list of allowed inputs. Their achievement earned them $25,000 in cash (half of the prize for the second round of targeting the same device) and 5 Master of Pwn points.

The competition concluded with Team Viettel emerging as the victors. They showcased their dominance by accumulating an impressive $180,000 in prize money and earning 30 Master of Pwn points. Not far behind them were Team Orca of Sea Security with $116,250 (17.25 points), and DEVCORE Intern and Interrupt Labs, both securing $50,000 and 10 points.

The extensive list of compromised devices included products from Xiaomi, Western Digital, Synology, Canon, Lexmark, Sonos, TP-Link, QNAP, Wyze, and HP. It is worth mentioning that once these zero-day vulnerabilities are reported, vendors have 120 days to release patches before ZDI publicly discloses them.

The Pwn2Own Toronto 2023 competition has once again shed light on the importance of continually improving the security defenses of consumer products. With the relentless efforts of security researchers, manufacturers can address vulnerabilities, enhance user protection, and ensure a more secure digital landscape for all.

FAQ

What is Pwn2Own Toronto 2023?

Pwn2Own Toronto 2023 is a hacking competition organized by Trend Micro’s Zero Day Initiative (ZDI). Security researchers participate in the event to discover and exploit vulnerabilities in consumer products, earning rewards for their successful exploits.

What devices were targeted in Pwn2Own Toronto 2023?

The competition targeted a wide range of devices, including mobile phones (such as the Apple iPhone 14, Google Pixel 7, and Samsung Galaxy S23), printers, wireless routers, network-attached storage (NAS) devices, home automation hubs, surveillance systems, smart speakers, and Google’s Pixel Watch and Chromecast devices.

Who were the top performers in Pwn2Own Toronto 2023?

Team Viettel emerged as the winners of the competition, followed by Team Orca of Sea Security. DEVCORE Intern and Interrupt Labs also secured notable positions on the leaderboard.

How many zero-day exploits were discovered?

Security researchers successfully uncovered 58 zero-day exploits during Pwn2Own Toronto 2023. These exploits targeted devices from various vendors, including Xiaomi, Western Digital, Synology, Canon, Lexmark, Sonos, TP-Link, QNAP, Wyze, and HP.

What happens to the vulnerabilities discovered during the competition?

Once the vulnerabilities discovered during Pwn2Own Toronto 2023 are reported, vendors have 120 days to release patches before ZDI publicly discloses them. This allows manufacturers sufficient time to address the vulnerabilities and enhance the security of their products.
