Shulou(Shulou.com)11/24 Report--

Thanks to CTOnews.com netizens, soft media users 1520111, Alejandro86 for the delivery of clues! CTOnews.com, October 29, the three-day Pwn2Own 2023 hacker contest ended on October 27 local time. The conference was held in Toronto, Canada, where hackers can take advantage of various vulnerabilities to attack consumer electronics and get corresponding bounty and Master of Pwn points.

The Pwn2Own hacker contest is hosted by ZDI (Zero Day Initiative), the project team of Hewlett-Packard's TippingPoint, and supported by Google, Microsoft, Apple, Adobe and other technology giants. It is the most famous and lucrative hacker contest in the world.

According to reports, security researchers used 58 zero-day vulnerabilities (and multiple vulnerability collisions) to attack consumer products, generating a total bonus of $1.0385 million (CTOnews.com Note: currently about 7.602 million yuan).

These zero-day vulnerabilities are targeted at devices from a number of manufacturers, including Xiaomi, Western Digital, Qunhui, Canon, Lexmark, Sonos, TP-Link, WeiUnicom, Wyze and Hewlett-Packard. Once these zero-day vulnerabilities are reported to the vendor, the vendor is required to release an update within 120 days prior to the public disclosure of these vulnerabilities by ZDI.

During the event, security researchers targeted mobile and Internet of things devices, including mobile phones (iPhone 14, Pixel 7, Samsung Galaxy S23 and Xiaomi 13 Pro), printers, wireless routers, NAS devices, home automation centers, surveillance systems, smart stereos, and Google's Pixel Watch and Chromecast, all of which are in default configuration and running the latest security updates.

The results showed that no team signed up to hack into Apple iPhone 14 and Google Pixel 7 smartphones, but contestants managed to hack into the patched Samsung Galaxy S23 four times. As previously reported by CTOnews.com, Samsung Galaxy S23 was successfully hacked twice on the first day of the event, in which the Pentest Limited team took advantage of incorrect input validation vulnerabilities to execute arbitrary code, winning a $50, 000 reward and five Master of Pwn points.

The STAR Labs SG team once again hacked into the Galaxy S23 phone through the entered permission list in the second round, winning a reward of $25000 and five Master of Pwn points.

In addition, the NCC Group team successfully cracked Xiaomi 13 Pro phone and received a reward of US $20, 000 and four Master of Pwn points.

Related readings:

"the first day of the Pwn2Own 2023 hacker contest: Samsung Galaxy S23 and Xiaomi 13 Pro phones were" hacked "

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.