
Healthy Exploits and Advancements: Pwn2Own Toronto 2023 and Cranium’s AI Security Milestone


In the Pwn2Own Toronto 2023 hacking competition, participants breached a range of devices and earned over $400,000 on the inaugural day.

Team Orca of Sea Security secured the highest reward, amounting to $60,000, with a sophisticated two-vulnerability exploit chain involving out-of-bounds read and use-after-free vulnerabilities on the Sonos Era 100 speaker.

Following closely, the Pentest Limited team earned $50,000 for an exploit related to improper input validation targeting the Samsung Galaxy S23 mobile phone. 

Bug Exploits

They secured an additional $40,000 for a skillful two-bug exploit chain that comprised a denial-of-service and a server-side request forgery, ultimately compromising Western Digital’s My Cloud Pro Series PR4100 network-attached storage (NAS) product.

Other exploits included a $40,000 reward for a single-bug exploit on the Xiaomi 13 Pro mobile phone by Team Viettel and a $40,000 reward for a three-bug exploit chain, encompassing a server-side request forgery and two injection flaws, which targeted the QNAP TS-464 NAS device by Team ECQ.

Android and IoT Devices

The contest also witnessed the exploitation of vulnerabilities in the Synology BC500 IP camera, earning hackers approximately $50,000. 

Further exploits were demonstrated targeting the Xiaomi 13 Pro and the Samsung Galaxy S23, with the respective hacking teams accumulating over $40,000 in rewards.

The participating teams and individual hackers successfully exploited the Canon imageCLASS MF753Cdw and the Lexmark CX331adwe printers, collecting more than $60,000 for their exploits. 

The competition is scheduled to continue until today (Oct 27), featuring ongoing demonstrations of exploits in categories encompassing NAS devices, smart speakers, printers, mobile phones, and surveillance systems.

However, it’s important to mention that smart vehicles are notably absent from this event, as they will be featured in the upcoming Pwn2Own Automotive World conference in January 2024 in Tokyo, Japan.

“Tesla’s extensive knowledge of electric vehicles (EVs) has already proven invaluable during their collaboration with Trend Micro at previous Pwn2Own events. We’re delighted to welcome Tesla as title sponsor as we redouble our efforts to expand our influence in the field of automotive cybersecurity,” said Brian Gorenc, VP of threat research at Trend Micro.

Cranium’s Milestone

In a parallel technological development, Cranium, a company specializing in safeguarding artificial intelligence (AI) applications and deployments, recently announced a significant milestone by securing $25 million in Series A funding.

This brings the total investment in the company to $32 million, with Telstra Ventures leading the investment, accompanied by participation from a well-known audit firm and SYN Ventures.

These funds will be directed toward research and development (R&D) and expanding their business operations.

The Cranium Enterprise software platform is instrumental in enabling organizations to gain visibility, security, and compliance across their AI systems, facilitating the mapping, monitoring, and management of AI/ML environments.

What sets Cranium apart is its capacity to collect and share information regarding the trustworthiness and compliance of AI models with third parties, clients, and regulatory bodies. 

Ethical Hacking + Better AI: A Combination the World Will Remember!

With exploits, vulnerabilities, and all other cyber intrusions, it is good to know that we have some ethical hackers, too, who are the future of cyber defense.

Similarly, AI is being integrated into every business process at an unprecedented pace. Prioritizing responsible AI at this early juncture in the AI revolution will enable enterprises to scale effectively without encountering major roadblocks and compliance issues in the future.

What’s your opinion? Let us know in the comment section.

Author: Anas Hasan

Date: October 27, 2023

Anas Hassan is a tech geek and cybersecurity enthusiast. He has vast experience in the digital transformation industry. When Anas isn’t blogging, he watches football games.
