October 27, 2023 at 03:04PM
The Pwn2Own Toronto 2023 hacking competition concluded with security researchers earning $1,038,500 for 58 zero-day exploits targeting mobile and IoT devices. The Samsung Galaxy S23 was hacked four times, while no teams attempted to hack the Apple iPhone 14 and Google Pixel 7. Team Viettel emerged as the winner, followed by Team Orca of Sea Security. The exploited vulnerabilities targeted devices from various vendors, including Xiaomi, Western Digital, Synology, Canon, and Sonos. Vendors have 120 days to release patches before the vulnerabilities are publicly disclosed by ZDI.
Summary:
The Pwn2Own Toronto 2023 hacking competition took place from October 24 to October 27, organized by Trend Micro’s Zero Day Initiative (ZDI). Security researchers targeted mobile and IoT devices, including smartphones, printers, routers, storage devices, home automation hubs, surveillance systems, smart speakers, and Google devices. The researchers successfully exploited 58 zero-day vulnerabilities across multiple vendors’ products. Although no team signed up to hack the Apple iPhone 14 and Google Pixel 7 smartphones, the Samsung Galaxy S23 was hacked multiple times. The Pentest Limited team and the STAR Labs SG team were among the winners, along with Team Viettel, who won the competition and earned $180,000 and 30 Master of Pwn points. Vendors have 120 days to release patches for the vulnerabilities before ZDI discloses them publicly. In a previous competition, Pwn2Own Vancouver 2023, competitors won $1,035,000 and a Tesla Model 3 car for 27 zero-day exploits.
You can find the complete schedule of the Pwn2Own Toronto 2023 competition here, and the results for each challenge are listed here.