Follow us

Pwn2Own: For the first time ever, printers have been hacked

The Zero Day Initiative's Pwn2Own Austin 2021 hacking rivalry started on Tuesday, a precedent for the occasion's set of experience acquired awards for hacking printers.

Published: November 4, 2021 By Ozair Malik

Picture shows man typing on a laptop

Image source – pixabay.com

Outline of Event

Two groups designated printers right from the start, acquiring a sum of $60,000. For hacking a Canon ImageCLASS printer, a crew from Synacktiv was awarded $20,000 – the highest reward for printer exploits.

The group addressing Devcore acquired a sum of $40,000 for taking advantage of weaknesses in Canon ImageCLASS and HP Color LaserJet Pro MFP M283fdw printers.

The Devcore group procured the most elevated single prize, $60,000, for accomplishing code execution on a Sonos One savvy speaker.

Three specific Western Digital NAS items took advantage of procured members $40,000 for each exploit, and a Cisco switch hack compensated with $30,000.

Failed Hack at Samsung

Right off the bat, there was one bombed endeavor to hack a Samsung Galaxy S21. A similar gadget will be designated two extra occasions before very long.

Given the accessible timetable, nobody will target TVs and outer stockpiling gadgets. 

Members acquired a sum of more than $1.2 million for exploiting the program, virtualization, server, neighborhood advantage heightening, and venture interchanges classifications.

Some programming code opened in a compiler

Image source - pixabay.com

Tianfu Cup

Some hacking challenges have brought in members considerably more cash. The new Tianfu Cup, which happens in China, come about in payouts of $1.9 million.

Tianfu Cup welcomes white caps to hack both programming and equipment items on a solitary occasion.

Including,

  • Windows 10
  • Ubuntu
  • iOS 15 on iPhone 13 Pro
  • Microsoft Exchange
  • Chrome, Safari
  • Adobe Reader
  • Parallels Desktop
  • QEMU, Docker
  • VMware ESXi
  • Workstation
  • ASUS switches

It's a phenomenal chance to find vulnerabilities. In any case, not every person is excited about the abilities of the Chinese programmers.

It’s a way of exhibiting power. It shows you that they have the human resources to do those thing,

security investigator Matan Rudis told Bloomberg.

The surprising thing the programmers found was that everything except three of the 15 frameworks or gadgets experienced a fruitful hack.

This Includes:

  • Utilizing Safari to peruse distant URLs, control the program or System.
  • Run a particular program as an unprivileged client to raise advantages and run the order as root in Ubuntu.
  • In Windows 10, a specific program can be run as an unprivileged client to raise advantages and run orders as an Administrator.
  • Use Chrome to peruse distant URLs, control the program or System.
  • Run specific projects to enter through and escape from the VM framework, control the host's working framework.

Pwn2Own Vancouver 2021

The current year's past Pwn2Own challenge occurred in Vancouver, and it finished on April 9, 2021, with candidates procuring a record $1,210,000 for exploits and taking advantage of chains focusing on items on the internet browsers, virtualization, servers, and venture correspondences classes more than three days.

The absolute prize pool for the opposition was more than $1,500,000 in real money and incorporated a Tesla Model 3 remaining unclaimed after no group tried to attack the Tesla vehicle this year.

Pwn2Own Vancouver 2021 finished with a tie between Team DEVCOREOV, and Computest's Daan Keuper and Thijs Alkemade, every one of them procuring $200,000.

Group Fluoroacetate won the principal Tesla Model 3 at Pwn2Own in the wake of hacking its Chromium-based infotainment framework during the 2019 contest.

They likewise procured $375,000 after effectively demoing exploits and taking advantage of chains focusing on the following

  • Apple Safari
  • Oracle VirtualBox
  • VMware Workstation
  • Mozilla Firefox
  • Microsoft Edge

A Users Take

With all these hacking competitions revolving around us, it becomes a source of wonder as to if our devices are secure anymore or not. It may take talented programmers a couple of moments to break your gadget, but that doesn't mean you skip refreshes. Here are a few different ways to remain secure:

  • Continuously update your working framework and applications to the most recent accessible forms.
  • Never download or open a connection from an obscure email address. Likewise, don't tap on joins found in spontaneous messages.
  • Empower two-factor verification for accounts that offer it.
  • It's additional to have antivirus programming that you trust the entirety of your gadgets.
Tags: 
News
Author
Ozair Malik
A passionate Cyber Security researcher and writer with a keen interest in Digital Forensics. A community worker running a insta blog to raise cybersecurity awareness among laymen.

Leave a comment

click to select