Bug Hunters Earn $195,000 for Hacking TVs, Routers, Phones at Pwn2Own

White hat hackers have earned a total of $195,000 for demonstrating vulnerabilities in TVs, routers and smartphones on the first day of the Pwn2Own Tokyo 2019 contest taking place these days alongside the PacSec conference.

The event is organized by Trend Micro’s Zero Day Initiative (ZDI) and this edition promises over $750,000 in cash and prizes for exploits targeting one of 17 devices. This is the first Pwn2Own that has invited hackers to demonstrate security holes in the Portal smart display and the Oculus Quest virtual reality headset from Facebook.

Participants made a total of 10 attempts on the first day and a majority of them were successful. Seven attempts have been announced for the second day.

ZDI said the day started with Amat Cama and Richard Zhu of team Fluoroacetate earning $15,000 for hacking a Sony X800G TV by exploiting a JavaScript out-of-bounds read bug in the built-in web browser. An attacker could exploit this flaw to get a shell on the device by convincing the targeted user to visit a malicious website from the TV’s built-in browser.

The same team also earned $60,000 for taking control of an Amazon Echo device through an integer overflow, and $15,000 for getting a reverse shell on a Samsung Q60 TV, also via an integer overflow.

Cama and Zhu also earned $20,000 for managing to exfiltrate a picture from a Xiaomi Mi9 smartphone simply by browsing to a specially crafted website. They also received $30,000 for stealing a picture from a Samsung Galaxy S10 via NFC.

Pedro Ribeiro and Radek Domanski of Team Flashback earned $5,000 for taking control of a NETGEAR Nighthawk Smart WiFi router (R6700) over the LAN interface, and $20,000 for hacking the same router over the WAN interface and remotely modifying its firmware for persistence across a factory reset.

Team Flashback also received $5,000 for a code execution exploit chain against the TP-Link AC1750 Smart WiFi router over the LAN interface.

The last team represented F-Secure Labs and they attempted to hack a TP-Link router and a Xiaomi Mi9 phone. Both attempts were only partially successful, but they still earned $20,000 for showing that they could exfiltrate a photo from the Xiaomi phone. The attempts were only partially successful because some of the bugs they used had already been known to the vendor.

Related: Samsung Galaxy S9, iPhone X Hacked at Pwn2Own Tokyo

Related: IoT Category Added to Pwn2Own Hacking Contest

Related: Pwn2Own 2019: Researchers Win Tesla After Hacking Its Browser

view counter

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Previous Columns by Eduard Kovacs:

Tags: