December 12, 2022

Participants in the Pwn2Own Toronto 2022 hacking competition earned $400,000 on the first day, and a total of $989,750 on the final day for new exploits targeting phones, printers, routers, and NAS devices.

26 teams and security researchers targeted devices in the categories of mobile phones, home automation hubs, printers, wireless routers, network-attached storage, and smart speakers during this hacking competition, all of which were up to date and in their default configuration.

On their third attempt, the STAR Labs team was the first to exploit a zero-day in Samsung’s flagship device by executing an improper input validation attack, earning $50,000 and 5 Master of Pwn points.

On the first day of the competition, another contestant known as Chim demonstrated another successful exploit targeting the Samsung Galaxy S22. On the second and third days of the competition, security researchers from Interrupt Labs and Pentest Limited also hacked the Galaxy S22, with Pentest Limited demonstrating their zero-day exploit in just 55 seconds.

The Devcore team, which had previously competed in several Pwn2Own contests, received the highest single reward on the first day. They were paid $100,000 for hacking a MikroTik router and a Canon printer connected to it.

The event totals $989,750, 63 unique 0-days, 66 entries, and 36 different teams representing 14+ countries.

The sources for this piece include an article in BleepingComputer.