Pwn2Own participants made a printer play AC/DC
The Pwn2Own Austin 2021 hacking competition has ended. Among other successful hacks of programs and devices, the participants forced a printer to play AC/DC.
This year, contestants earned over a million dollars by demonstrating working exploits for routers, printers, NAS devices, smartphones and smart speakers. The Zero Day Initiative, the organizer of Pwn2Own, reports that this year’s competition turned out to be the largest ever. 22 participants registered for the event and entered 58 different hacks.
The white hats earned $362,500 on the first day of the event, $415,000 on the second day, $238,750 on the third day, and $65,000 on the fourth day. In total, 61 vulnerabilities were discovered during the competition, and exploits for them (as a rule, combining several vulnerabilities into one chain) brought the participants over a million dollars.
The winners of the competition this time were Team Synacktiv, who received $197,500 in cash and 20 Master of Pwn points. They were 2 points ahead of the DEVCORE team, which finished the competition with 18 points and earned a total of $180,000.
In four contests, competitors successfully compromised printers, routers, the Samsung Galaxy S21, NAS devices and speakers from Canon, HP, Western Digital, Cisco, Sonos, TP-Link and NETGEAR.
Among the most interesting hacks shown at the competition was the execution of arbitrary code on a Samsung Galaxy S21 with the latest security updates (Android 11), demonstrated by the STARLabs team on the second day of the event.
The Samsung Galaxy S21 was also hacked the next day. Experts from Pentest Limited presented an exploit combining three bugs, earning $50,000 for it.
Also worth noting are the researchers from F-Secure Labs, who turned an HP LaserJet printer into a jukebox playing AC/DC’s Thunderstruck (a video can be found in the tweet). To do this, they used a stack buffer overflow bug.
Let me remind you that we also covered the April Pwn2Own contest, where Windows 10, Ubuntu, Safari, Chrome and Zoom were hacked.