Pwn2Own Toronto 2022 Day 3: Participants earned nearly $1 million

On the third day of the Zero Day Initiative’s Pwn2Own Toronto 2022 hacking competition, participants earned more than $250,000.

On the third day of the Zero Day Initiative’s Pwn2Own Toronto 2022 hacking competition, participants earned more than $250,000 for demonstrating zero-day attacks against NAS devices, printers, smart speakers, routers, and smartphones.

In the two days, participants earned a total of $681,250 for 46 unique zero-day exploits.

The NCC Group EDG received the biggest award of the day for successfully executing a 2 exploit (command injection, type confusion) attack against the Ubiquiti and the Lexmark printer in the SOHO SMASHUP category. The team earned $50K and 10 Master of Pwn points.

Team Viettel successfully conducted their OS Command Injection attack against the WD My Cloud Pro Series PR4100 in the NAS category. The team earned $20K and 4 Master of Pwn points.

The STAR Labs team executed a SOHO SMASHUP attack against the Synology router and the Canon printer. The experts used exploits that were seen previously in the competition for this reason their only earned $25K and 5 Master of Pwn points.

Pentest Limited executed an Improper Input Validation attack against the Samsung Galaxy S22 in the Mobile Phone category. They earned $25K and 5 Master of Pwn points.

The results of Day Three are available here.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Pwn2Own Toronto 2022)

[adrotate banner=”5″]

[adrotate banner=”13″]