White hat hackers earn over $1 Million at Pwn2Own Austin 2021

The Zero Day Initiative’s Pwn2Own Austin 2021 hacking contest has ended, and participants earned $1,081,250 for 61 zero-day flaws.

Trend Micro’s Zero Day Initiative’s Pwn2Own Austin 2021 hacking contest has ended, the participants earned a total of $1,081,250 for 61 zero-day exploits. The participants compromised NAS devices, mobile phones, printers, routers, and speakers from Canon, Cisco, HP, NETGEAR, Samsung, Sonos, TP-Link, and Western Digital.

This edition is the largest Pwn2Own to date, the participants earned $362,500 on the first day of the contest, $415,000 on the second day, $238,750 on the third day, and $60,000 on the last day.

The highest bounties were paid out for zero-day exploits for Sonos One smart speaker, two teams earned $60,000 each for code execution issues.

Congratulation to the Synacktiv team that won the contest and earned $197,000 for their zero-days and 20 Master of Pwn points.

For the first time in the history of the hacking contest, white hat hackers demonstrated zero-day exploits for printers. The participants demonstrated 11 printer hacks, on the third day a team hacked an HP LaserJet printer to play the AC/DC’s Thunderstruck song.

In this edition participants also hacked the Samsun Galaxy S21, Sam Thomas (@_s_n_t) from team Pentest Limited (@pentestltd) demonstrated a zero-day exploit chain for the latest Android 11 earning $50,000.

There was also one partially successful attempt to hack the Samsung Galaxy S21, Mr L and Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss) of STARLabs Team used an exploit chain that included a bug known by the vendor. They still earn $25,000 and 2.5 Master of Pwn points.

The day-by-day results for the Pwn2Own Austin 2021 are available here.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, supply chain attack)

[adrotate banner=”5″]

[adrotate banner=”13″]