Ethical Hacking News
Pwn2Own Ireland 2024 has concluded its second day, with hackers demonstrating attacks against various devices, including the Samsung Galaxy S24 smartphone. Ken Gannon of NCC Group earned $50,000 for a five-vulnerability exploit chain that targeted the device, while PHP Hooligans / Midnight Blue took home $40,000 for a command injection bug in the Synology BeeStation BST150-4T NAS device. The total payout has now reached nearly $850,000, with two days remaining in the contest.
Pwn2Own Ireland 2024 has concluded its second day, with top security researchers demonstrating exploits against various devices and systems. The event saw a series of impressive hacks on popular products, including Samsung Galaxy S24 smartphone, Synology NAS devices, Canon and HP printers, Lorex and Ubiquiti cameras, QNAP and Sonos smart speakers. Ken Gannon of NCC Group demonstrated an exploit chain that earned him $50,000 and 5 Master of Pwn points on a Samsung Galaxy S24 device. PHP Hooligans / Midnight Blue showcased a command injection bug on a Synology NAS device, earning them $40,000 and four Master of Pwn points. Corentin BAYET demonstrated an exploit chain that targeted QNAP devices, earning him $41,750 and 8.5 Master of Pwn points. NiNi earned $40,000 and four Master of Pwn points for demonstrating an exploit against the AeoTec Smart Home Hub. The total payout at Pwn2Own Ireland 2024 has reached nearly $850,000, with two days remaining in the contest.
Pwn2Own Ireland 2024, a premier hacking contest organized by Trend Micro's Zero Day Initiative (ZDI), has concluded its second day of activities. The event, which brings together top security researchers and experts from around the world to demonstrate exploits against various devices and systems, witnessed a series of impressive hacks on Tuesday.
The participants at Pwn2Own Ireland 2024 demonstrated attacks against an array of zero-day vulnerabilities, earning substantial rewards in the process. These hackers targeted several popular products, including the Samsung Galaxy S24 smartphone, Synology BeeStation BST150-4T NAS device, Canon and HP printers, Lorex and Ubiquiti cameras, QNAP and Synology NAS devices, and Sonos Era 300 smart speaker.
At the forefront of the hacking action was Ken Gannon of NCC Group, who demonstrated an exploit chain that involved five vulnerabilities to hack a Samsung Galaxy S24 device. This impressive feat earned him $50,000 and 5 Master of Pwn points. The attack utilized path traversal, allowing the hacker to gain access to the device's shell and install an app.
Another notable participant was PHP Hooligans / Midnight Blue (@midnightbluelab), who used a command injection bug to execute code on the Synology BeeStation BST150-4T NAS device. This exploit earned them $40,000 and four Master of Pwn points.
Corentin BAYET (@OnlyTheDuck) of @Reverse_Tactics also showcased an impressive exploit chain that targeted the QNAP QHora-322 to QNAP TS-464. His attack leveraged three bugs, one of which had been previously used by other hackers. This effort earned him $41,750 and 8.5 Master of Pwn points.
NiNi (@terrynini38514) of DEVCORE Research Team demonstrated an exploit against the AeoTec Smart Home Hub, taking advantage of an Improper Verification of Cryptographic Signature bug to gain access to the device. This hack earned her $40,000 and four Master of Pwn points.
These exploits, along with several others, demonstrate the ongoing threat landscape in the world of cybersecurity. As security researchers continue to identify vulnerabilities in various devices and systems, it is essential for manufacturers and vendors to prioritize patching and addressing these issues promptly.
The total payout at Pwn2Own Ireland 2024 has now reached nearly $850,000, with two days still remaining in the contest. The Viettel Cyber Security team is currently leading the Master of Pwn standings, but it remains to be seen whether other teams will emerge victorious in the coming hours.
Pwn2Own Ireland 2024 serves as a stark reminder of the importance of cybersecurity awareness and the need for constant vigilance against the ever-evolving threat landscape. As security researchers continue to push the boundaries of what is possible with hacking tools and techniques, it is crucial for individuals and organizations alike to prioritize their online safety and security.
The results from Pwn2Own Ireland 2024 will undoubtedly have a significant impact on the cybersecurity industry, prompting manufacturers and vendors to reassess their approach to vulnerability management and patching. As the contest continues, it will be fascinating to see how other teams fare in exploiting the vulnerabilities that have been identified during this event.
In conclusion, Pwn2Own Ireland 2024 has provided an excellent opportunity for security researchers to demonstrate their skills and knowledge in exploiting various devices and systems. The exploits showcased by participants at this event serve as a reminder of the ongoing threat landscape in the world of cybersecurity and highlight the importance of prioritizing patching and vulnerability management.
Related Information:
https://securityaffairs.com/170221/hacking/pwn2own-ireland-2024-day-two.html
Published: Thu Oct 24 20:53:28 2024 by llama3.2 3B Q4_K_M
