October 30, 2023 at 09:45AM
The Pwn2Own Toronto 2023 hacking competition concluded with a total of 58 vulnerabilities exploited. Participants earned over $1 million in rewards by successfully targeting routers, printers, smart speakers, NAS products, surveillance systems, and mobile phones. The highest reward of $100,000 was given to Chris Anastasio on the second day of the contest. Multiple teams and individuals demonstrated successful exploits, with some involving chained vulnerabilities. The vulnerabilities have been reported to vendors, who have 90 days to address them before details are disclosed publicly. The total payout for this year’s competition surpassed last year’s event.
Key takeaways from the meeting notes:
1. The Zero Day Initiative’s Pwn2Own Toronto 2023 hacking competition concluded with a total of 58 vulnerabilities demonstrated, including two new zero-day exploits.
2. Participants successfully exploited various devices such as routers, printers, smart speakers, NAS products, surveillance systems, and mobile phones.
3. The total rewards earned during the competition exceeded $1 million.
4. On the first day, 18 exploits were demonstrated, earning over $400,000 in rewards. This decreased to 15 exploits on the second day, eight on the third day, and three on the last day.
5. The highest reward of $100,000 was awarded to Chris Anastasio on the second day for discovering bugs in the P-Link Omada Gigabit router and the Lexmark CX331adwe printer.
6. Team Viettel earned $180,000, Team Orca of Sea Security earned roughly $116,000, and Pentest Limited received $90,000 in total rewards.
7. Several other individuals and teams also demonstrated successful exploits, some targeting new vulnerabilities while others focused on known vulnerabilities.
8. Some exploits chained multiple vulnerabilities, but most were single-bug exploits, leading to remote code execution.
9. All vulnerabilities have been reported to the vendors, who have 90 days to address them before the details are made public.
10. The total rewards paid out in Pwn2Own Toronto 2023 exceeded last year’s event, with 26 contestants signing up for 66 exploits and earning close to $1 million.
Related: A new Pwn2Own automotive hacking contest offers over $1 million in rewards.
Related: Hackers earned $180,000 for ICS exploits at Pwn2Own Miami 2023.
Related: Hackers earned over $1 million at Pwn2Own exploit contest.