March 22, 2024 at 06:30AM
Participants at Pwn2Own Vancouver 2024 earned over $1.1 million, finding 29 zero-day vulnerabilities in Tesla cars, Windows, Ubuntu, Oracle VirtualBox, VMware Workstation, Chrome, Edge, and Adobe Reader. Notably, a team won $200,000 and a Tesla Model 3 for hacking a Tesla car’s electronic control unit. In total, nearly $3.5 million has been paid out in the last three Pwn2Own events.
From the meeting notes, the key takeaways are:
– Participants at Pwn2Own Vancouver 2024 earned over $1.1 million by exploiting vulnerabilities in Tesla cars, operating systems, and popular software.
– A total of $732,500 was earned on the first day for 19 unique zero-day vulnerabilities found in various systems, including Tesla cars, Windows, Ubuntu, Oracle VirtualBox, VMware Workstation, Chrome, Edge, and Adobe Reader.
– Synacktiv was awarded the highest single prize of $200,000 and a new Tesla Model 3 for demonstrating an exploit against Tesla’s electronic control unit (ECU).
– On the second day, Manfred Paul earned $100,000 for a Firefox exploit and was declared the overall winner, earning a total of more than $200,000 after also hacking Safari, Chrome, and Edge browsers.
– Seunghyun Lee of Kaist Hacking Lab earned $85,000 for a remote code execution exploit affecting Chrome and Edge.
– Various teams earned rewards for exploits targeting Docker, VMware Workstation, Chrome, and Edge, among others.
– A total of 29 unique zero-day vulnerabilities were demonstrated, earning participants $1,132,500, and ZDI paid out nearly $3.5 million at the last three Pwn2Own events.