Organizers of the Pwn2Own Hacker Contest Will Invite Participants to Hack Remote Employees

Representatives of the Trend Micro Zero Day Initiative (ZDI) announced the main goals and prizes for the upcoming Pwn2Own hacker contest, which will be held in December.

A new competitive category has also been introduced, in which researchers will hack into an environment that mimics a typical home office.

Let me remind you that we previously reported that Pwn2Own participants made a printer play AC/DC, and also on how Pwn2Own 2021 ended: Windows 10, Ubuntu, Safari, Chrome and Zoom were hacked.

The next Pwn2Own will take place December 6-8, 2022 in Canada. This time, the event will not be held at the same time as the conference, so ZDI has decided to reimburse attendees $3,000 in travel expenses to encourage as many experts as possible to attend Pwn2Own in person. However, as in previous years, bug hunters will be able to compete remotely, and ZDI employees in Toronto will run exploits for them.

This year’s competition will have a total prize pool of more than one million dollars, plus participants will receive additional prizes for exploits that target mobile phones, wireless routers, smart home hubs, smart speakers, printers, and NAS devices.

It was also revealed that a new category called “The SOHO Smashup” will appear at Pwn2Own this year, where participants can earn up to $100,000. In this category, researchers will be asked to hack into an environment that mimics a typical home office. In essence, the goal is to hack the router through the WAN interface and then move on to the local network, where they will need to compromise any other device of their choice (for example, a printer, NAS, and so on).

At the first stage, participants will be able to try their hand at hacking TP-Link, Netgear, Synology, Cisco, MikroTik or Ubiquiti routers. At the second stage, they will be able to choose a target from a long list of devices, including Meta, Amazon, Google, Sonos, Apple, HP, Lexmark, Canon, Synology and WD IoT products.

Although this version of Pwn2Own is no longer called Pwn2Own Mobile, mobile phones are still the most attractive target for participants from a financial standpoint. Researchers can earn up to $250,000 if they demonstrate a successful hack of Apple’s iPhone 13 or Google’s Pixel 6. A Samsung Galaxy S22 hack could net participants another $50,000.

Also, a cash prize of up to $60,000 is offered for exploits for smart speakers and smart home hubs. Targets in this category are Sonos One, Apple HomePod Mini, Amazon Echo Studio, Meta Portal Go, Amazon Echo Show 15, and Google Nest Hub Max.

In addition, participants will be able to receive up to $40,000 for Synology and WD NAS exploits, as well as $5,000 to $30,000 for router vulnerabilities. Printer exploits will earn up to $20,000.

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
