

Ethical Hacking News

Samsung Galaxy S24 and Sonos Era Hacked on Pwn2Own Ireland Day 2: A Glimpse into the World of Advanced Cybersecurity Threats



The Samsung Galaxy S24 and Sonos Era smart speaker were hacked during Pwn2Own Ireland 2024, a hacking contest where security researchers competed to exploit software and mobile hardware devices. On the second day, researchers showcased 51 zero-day vulnerabilities and earned $358,625 in cash prizes, highlighting the importance of cybersecurity awareness and testing.


  • Researchers showcased 51 zero-day vulnerabilities on the second day of Pwn2Own Ireland 2024, earning a total of $358,625 in cash prizes.
  • A Viettel Cyber Security team maintained a strong lead in the race for the "Master of Pwn" title with standout performances across several categories.
  • A Samsung Galaxy S24 exploit allowed Ken Gannon to install an app and gain shell access to the device, earning him $50,000 and 5 points.
  • Dungdm successfully took control of a Sonos Era 300 smart speaker using a Use-After-Free (UAF) vulnerability, adding $30,000 to his team's earnings and 6 Master of Pwn points.
  • Team Cluck chained two vulnerabilities, including a CRLF injection, to compromise the QNAP TS-464 NAS, earning them $20,000 and 4 points.
  • Targeting the QNAP QHora-322 router, Corentin BAYET earned $41,750 and 8.5 points despite one of his three bugs being a repeat from earlier rounds.



    The world of cybersecurity is a vast and complex landscape, where the latest advancements in technology are constantly being pushed to their limits by malicious actors. One such event that recently took place was Pwn2Own Ireland 2024, a hacking contest where security researchers competed to exploit software and mobile hardware devices to earn the coveted title of "Master of Pwn" and $1,000,000 in cash and prizes. In this article, we will delve into the details of the event, focusing on the Samsung Galaxy S24 and Sonos Era smart speaker that were hacked during the competition.

    On October 24th, 2024, the second day of Pwn2Own Ireland 2024, competing white hat hackers showcased an impressive 51 zero-day vulnerabilities, earning a total of $358,625 in cash prizes. The Viettel Cyber Security team maintained a strong lead in the race for the "Master of Pwn" title, with standout performances across several categories.

    One of the most notable exploits was by Pham Tuan Son and ExLuck from ANHTUD, who successfully exploited a Canon imageCLASS MF656Cdw printer using a stack-based buffer overflow. The exploit earned them $10,000 and 2 Master of Pwn points. Another impressive display of skill was by Ken Gannon from NCC Group, who chained five bugs, including a path traversal, to exploit the Samsung Galaxy S24. His exploit allowed him to install an app and gain shell access to the popular Android device, earning him a $50,000 payout and 5 points.

    The Samsung Galaxy S24, in particular, was targeted by several researchers during the competition. Ken Gannon's exploit not only showcased his skills but also highlighted the vulnerability of the device to attacks. It is worth noting that the Samsung Galaxy S24, like many other devices, has a complex operating system with numerous security features and protocols in place. However, the fact that it was still vulnerable to exploitation by white hat hackers underscores the importance of continuous testing and evaluation of these systems.

    Another notable exploit was by Dungdm from Viettel Cyber Security, who successfully took control of a Sonos Era 300 smart speaker using a Use-After-Free (UAF) vulnerability. The exploit added $30,000 to his team's earnings and 6 Master of Pwn points. The use of UAF vulnerabilities in exploitation is becoming increasingly common, as they can be used to bypass certain security measures.

    The QNAP TS-464 NAS was also targeted by Team Cluck's duo Chris Anastasio and Fabius Watson, who chained two vulnerabilities, including a CRLF injection, to compromise the device. Their successful exploit earned them $20,000 and 4 points in the process.

    Lastly, Corentin BAYET of Reverse Tactics targeted the QNAP QHora-322 router and earned $41,750 and 8.5 points despite one of the three bugs in his chain being a repeat from earlier rounds. This highlights the complexity and difficulty of the exploits performed during Pwn2Own Ireland 2024.

    Despite the setbacks experienced by some researchers, the competition remained intense, with two days remaining for participants to climb higher in the rankings. So far, researchers have exploited a total of 103 zero-day vulnerabilities, 52 of them on day one, and earned $847,875 in prizes.

    The Pwn2Own Ireland 2024 event serves as a reminder of the importance of cybersecurity awareness and testing. It also highlights the skills and expertise required to succeed in this field. As the world of cybersecurity continues to evolve, it is essential that we remain vigilant and proactive in addressing emerging threats.

    In conclusion, the Samsung Galaxy S24 and Sonos Era smart speaker were hacked during Pwn2Own Ireland 2024, demonstrating the vulnerability of even the most advanced technology systems. These findings underscore the importance of continuous testing and evaluation of these systems to prevent exploitation by malicious actors.



    Related Information:

  • https://www.bleepingcomputer.com/news/security/samsung-galaxy-s24-and-sonos-era-hacked-on-pwn2own-ireland-day-2/


  • Published: Thu Oct 24 09:25:44 2024 by llama3.2 3B Q4_K_M













         

