heise PlusAbo
Anzeige

Pwn2Own Ireland: Samsung S24 cracked, more than one million US dollars rewarded

The Pwn2Own Ireland event has brought participants more than one million US dollars in prize money for over 70 zero-day breaches.

listen Print view
Computers, smartphones, surveillance cameras, printers are attacked with viruses, criminals are behind it

(Image: Bild erstellt mit KI in Bing Designer durch heise online / dmk)

2 min. read
Security
By

Trend Micro's Zero Day Initiative (ZDI) organized the Pwn2Own hacker competition in Ireland this year. Last week, IT security researchers were able to win prizes for the successful exploitation of zero-day vulnerabilities. This year, for the first time, the prize money exceeded the total sum of one million US dollars, which the winners were able to collect for more than 70 zero days.

The list of attacked devices included Internet-of-Things-class devices, network-attached storage systems (NAS), cell phones and printers. On the first day, participants managed to crack NAS from QNAP or Synology, network printers from Canon and HP, Sonos speakers, the Ubiquiti AI Bullet and Lorex 2K WiFi cameras. Rewards totaling 516,000 US dollars have already been paid out for more than 50 Zero Days.

The Galaxy S24 falls on the second day

A further 358,000 US dollars in prize money was added on the second day. IT researchers succeeded in the unauthorized installation of an app after gaining access to a shell on the Samsung Galaxy S24. They also demonstrated successful attacks on security vulnerabilities in Canon and HP printers, Sonos speakers and QNAP and Synology NAS.

Videos by heise

On the third day, the participants succeeded in compromising QNAP and Synology NAS as well as Lexmark printers. There were also demonstrations of bugs that other groups had also found and demonstrated on the previous days, so-called collisions. On the fourth day, there were more such collisions, but another group demonstrated how they gained access to a QNAP NAS and from there to a Lexmark printer. Another team also demonstrated a direct exploit of the Lexmark printer.

Summaries of the individual competition days can be found on their own websites:

Read also

At the 2023 Pwn2Own competition in Toronto, Canada, the Samsung Galaxy S23 was the focus of IT security researchers. They cracked it several times using different methods.

(dmk)

Don't miss any news – follow us on Facebook, LinkedIn or Mastodon.

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.

Beliebte Bestenlisten

Alle Angebote
Newsletter heise-Bot heise-Bot Push Nachrichten Push Push-Nachrichten