Highlight of Pwn2Own Contest

WINDOWS 11 HACKED THREE MORE TIMES.

The Pwn2Own Contest marked its 15th annual event by returning to Vancouver, where it first started in 2007. The event started off as a small, browser-focused contest and grew into one of the most well-known security competitions in the industry. In the early years, a successful exploit earned a MacBook and $10,000. Last year, ZDI gave away millions of dollars in prizes alone.

In the 15th event, more than $1.5 million was distributed for high-impact security bugs uncovered by high-end programmers and ethical hackers. The event was managed by Trend Micro’s Zero Day Initiative (ZDI) and attracted hackers from across the world, who competed ferociously to find bugs in products from a wide range of vendors including Microsoft, Mozilla and Apple’s Safari.

Participants competed to win money or points. A team from StarLabs of Singapore, who took part virtually, was declared the champion with a total of 27 points for the vulnerabilities they discovered during the event.

A good number of well-known companies, like Tesla, VMware, Zoom, Microsoft and Teams, sponsored the event. They provided targets for the competitors. David Berard and Vincent Dehors from Synacktiv discovered two unique bugs on the Tesla Model 3 Infotainment System.

Dustin Childs, senior communications manager at Trend Micro’s ZDI, said, “The Synacktiv team was able to remotely take over the infotainment system, and they showed how they could stand outside the car and turn on the wipers, open the trunk, and flash the lights. The attempt that failed still demonstrated some interesting research, and we were pleased to acquire through a standard program submission.”

On the third and final day of the Pwn2Own Vancouver hacking contest, security experts hacked Microsoft’s Windows 11 operating system using zero-day exploits. Team Double Dragon could not demonstrate their exploit within the allotted time and failed in their attempt to hack the operating system. The other contestants, however, succeeded against their targets and earned $160,000 after infiltrating Windows 11 three times and Ubuntu Desktop once.

On the third day of the Pwn2Own contest, nghiadt12 from Viettel Cyber Security demonstrated a Windows 11 escalation of privilege zero-day. Likewise, Bruno Pujos from Reverse Tactics and vinhthp1712 also demonstrated Windows 11 privilege escalation using Use-After-Free and Improper Access Control vulnerabilities. Finally, Billy Jheng Bing-Jhong hacked a system running Ubuntu Desktop by employing a Use-After-Free exploit.

The event ended on May 20, 2022, as 17 competitors claimed prizes and cash worth $1,155,000 for zero-day exploit chains demonstrated over three days from May 18.

During the event, the participants demonstrated six Windows 11 exploits, hacked Ubuntu Desktop four times and demonstrated Microsoft Teams zero-days. They also informed the security specialists present at the Vancouver meet that several flaws exist in Apple Safari, Oracle VirtualBox, and Mozilla Firefox.

Once vulnerabilities are exploited and brought to the knowledge of all concerned, vendors have 90 days to release the upgraded versions. After that period, Trend Micro’s Zero Day Initiative publicly discloses the existence of the vulnerabilities in the apps.

Pwn2Own demonstrates how talent from all across the world can coordinate to get even with the hackers, who seem to be in control and strike at their targets whenever and wherever they like.