QNAP, Synology, Lexmark devices hacked on Pwn2Own Day 3


October 25, 2024 at 03:07AM

On Day 3 of Pwn2Own Ireland 2024, white hat hackers exposed 11 more zero-day vulnerabilities, raising the prize pool to $874,875. Viettel Cyber Security excelled, securing significant rewards. By Day 3’s end, a total of 114 vulnerabilities had been revealed, highlighting the event’s importance in enhancing device security.

**Meeting Takeaways from Pwn2Own Ireland 2024 – Day 3 Summary:**

1. **Event Overview:**
– Day 3 of Pwn2Own Ireland 2024 resulted in the discovery of 11 additional zero-day vulnerabilities.
– The total prize pool has reached $874,875.

2. **Competition Highlights:**
– **Total Vulnerabilities:**
   – Day 1: 52 vulnerabilities uncovered.
   – Day 2: 51 vulnerabilities uncovered.
   – Total thus far: 114 vulnerabilities.
– **Top Performing Teams:**
   – Viettel Cyber Security earned recognition with multiple successful exploits, including:
      – **QNAP TS-464 NAS**: Command injection vulnerability, earning $10,000 and 4 Master of Pwn points.
      – **Lexmark CX331adwe printer**: Type confusion vulnerability, earning $20,000 and 2 points.
   – **DEVCORE**: Successfully exploited the Synology BeeStation using a combination of three vulnerabilities for $20,000 and 4 points.
   – **PHP Hooligans/Midnight Blue**: Performed a complex exploit from a router to a printer, earning $25,000 and 10 points.

3. **Challenges Faced:**
– Teams encountered collisions, with some using the same vulnerabilities:
   – STEALIEN Inc. compromised a Lorex camera but received only $3,750 and 1.5 points due to prior usage of the bug.
   – Viettel Cyber Security’s exploits on a Canon printer were also affected by a previous demonstration, yielding $5,000 and 1 point.
– Time constraints resulted in unsuccessful attempts by Viettel and ANHTUD on the Ubiquiti AI Bullet.

4. **Current Standings:**
– Viettel Cyber Security is leading the competition significantly, having amassed more points than the nearest competitors (DEVCORE, Neodyme, Summoning Team, Ret2 Systems).
– With 15 attempts left for Day 4 and over $125,000 still available in the prize pool, the final phase of the competition is crucial.

5. **Significance of the Event:**
– The competition enhances the security of consumer devices by identifying and addressing critical vulnerabilities.

**Next Steps:**
– Monitor the final day’s results and the potential for additional vulnerabilities.
– Assess the performance of leading teams and recognize their contributions to cybersecurity.
