Toronto Pwn2Own hacking contest awards over $980,000 to bug hunters

Share post:

Security researchers picked up US$989,750 in prizes for demonstrating 63 unique zero day vulnerabilities in consumer and small office products during the four-day Toronto edition of the Pwn2Own hacking contest.

The biggest bundle of cash went to a team from Devcore Security Consulting of Taiwan, which won US$142,500. As a result it was named the event’s Master of Pwn.

Graphic listing winning teams in the Toronto Pwn2Own 2022 contest
Top team winners and scores. Source: Trend Micro

It was the first time the contest, run under Trend Micro’s Zero Day Initiative, was held in Toronto. Teams or individuals competed either live at Trend Micro’s Toronto office or online. Each entrant had three tries of five minutes each to show that an exploit they have created can break into fully-patched devices that IT hardware and software manufacturers believe are secure.

Run three times a year since 2007, there is always a contest in Vancouver. Other cities that have hosted contests include Miami and Tokyo.

The Toronto event focused on small office/home office (SOHO) devices, including routers, printers, network attached storage (NAS) devices and a Samsung smartphone.

These devices were chosen because, thanks to the pandemic, more employees are working from home than ever. However, Trend Micro notes, that can expand the corporate attack surface if home devices aren’t properly secured.

Not only were entrants challenged to hack into individual devices, the Toronto contest included a “SOHO Smashup” category that challenged hackers to exploit a Wi-Fi router and  a connected device. If contestants were able to take complete control of both devices within 30 minutes, they could earn US$100,000 and 10 Master of Pwn points.

In April, participants at the Miami event won US$400,000 for demonstrating 26 exploits and bug collisions. In May, Vancouver participants won US$1.15 million for showing 25 unique zero day exploits.

The post Toronto Pwn2Own hacking contest awards over $980,000 to bug hunters first appeared on IT World Canada.

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs


Related articles

The US government and Its Microsoft dependency: A cybersecurity dilemma

Microsoft's series of high-profile cybersecurity failures has once again spotlighted the complex relationship between the tech giant and...

Cyber Security Today, Week in Review for week ending Friday, April 12, 2024

This episode features a discussion on Microsoft's cybersecurity troubles, worries about open source, a warning about abusing IT help desks to launch attack

Cyber Security Today, April 12, 2024 – A warning to Sisense customers, a new tactic for spreading the Raspberry Robin worm, and more

A warning to Sisense customers, a new tactic for spreading the Raspberry Robin worm, and more. Welcome to Cyber Security Today. It’s Friday April 12th, 2024. I’m Howard Solomon. Organizations that use products from business analytics provider Sisense [SI-SENSE] are being told to reset user login credentials and digital keys. The warning comes from the

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways