Pwn2Own Toronto 2022, Hackers Earn big for 63 unique zero-day exploits

Share post:

Participants in the Pwn2Own Toronto 2022 hacking competition earned $400,000 on the first day, and a total of $989,750 on the final day for new exploits targeting phones, printers, routers, and NAS devices.

26 teams and security researchers targeted devices in the categories of mobile phones, home automation hubs, printers, wireless routers, network-attached storage, and smart speakers during this hacking competition, all of which were up to date and in their default configuration.

On their third attempt, the STAR Labs team was the first to exploit a zero-day in Samsung’s flagship device by executing an improper input validation attack, earning $50,000 and 5 Master of Pwn points.

On the first day of the competition, another contestant known as Chim demonstrated another successful exploit targeting the Samsung Galaxy S22. On the second and third days of the competition, security researchers from Interrupt Labs and Pentest Limited also hacked the Galaxy S22, with Pentest Limited demonstrating their zero-day exploit in just 55 seconds.

The Devcore team, which had previously competed in several Pwn2Own contests, received the highest single reward on the first day. They were paid $100,000 for hacking a MikroTik router and a Canon printer connected to it.

The event totals $989,750, 63 unique 0-days, 66 entries, and 36 different teams representing 14+ countries.

The sources for this piece include an article in BleepingComputer.


Related articles

Cyber Security Today, June 12, 2024 – More Snowflake storage victims found, Microsoft issues new Windows patches,

More Snowflake storage victims found, Microsoft issues new Windows patches, and more. Welcome to Cyber Security Today. It's Wednesday,...

Former OpenAI employee alleges plan for AGI bidding war

In a recent interview, former OpenAI safety researcher Leopold Aschenbrenner made startling claims about his ex-employer's strategy regarding...

Malicious code in millions of installs traced to Microsoft Visual Studio

A group of Israeli researchers found thousands of potentially harmful extensions on the Visual Studio Code (VSCode) Marketplace,...

Cyber Security Today, June 10, 2024 – Microsoft backs down on Recall

Microsoft backs down on Recall. Welcome to Cyber Security Today. It's Monday, June 10th, 2024. I'm Howard Solomon, contributing...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways