Hackers earn $989,750 for 63 zero-days exploited at Pwn2Own Toronto
Pwn2Own Toronto 2022 has ended with competitors earning $989,750 for 63 zero-day exploits targeting consumer products between December 6th and December 9th. During this hacking competition, 26 teams and security researchers targeted devices in the mobile phones, home automation hubs, printers, wireless routers, network-attached storage, and smart speakers categories, all up-to-date and in their default configuration.
The STAR Labs team was the first to exploit a zero-day in Samsung's flagship device by executing an improper input validation attack on their third attempt, earning $50,000 and 5 Master of Pwn points.
Security researchers with Interrupt Labs and Pentest Limited also hacked the Galaxy S22 on the second and third days of the competition, with Pentest Limited demonstrating their zero-day exploit in just 55 seconds.
Pwn2Own Toronto 2022 wrapped up today, on the fourth day of the competition, with contestants earning $989,750 for 63 zero-day exploits across multiple categories.
Throughout the contest, hackers successfully demoed exploits targeting zero-day bugs in devices from multiple vendors, including Canon, HP, Mikrotik, NETGEAR, Sonos, TP-Link, Lexmark, Synology, Ubiquiti, and Western Digital. You can find the complete schedule of the competition here and the program and results for each day of Pwn2Own Toronto 2022 here.
After the zero-day vulnerabilities exploited during the Pwn2Own event are reported, vendors are given 120 days to release patches before ZDI publicly discloses them.