The hacking competition where Windows 11, Ubuntu, Tesla and many more were hacked

During the annual Pwn2Own cybersecurity and hacking event, which this year celebrates its 15th anniversary, several large companies and famous operating systems were hacked, among them Microsoft, Tesla, Ubuntu and Firefox. Pwn2Own is a prize competition, organized like a tournament, which also gives the companies themselves an opportunity to discover and correct their vulnerabilities. The event is organized by the Zero Day Initiative.

The 2022 edition took place from 18 to 20 May in Vancouver and involved seventeen researchers and security experts who worked on a total of more than twenty targets. On the first day every attempt was successful: vulnerabilities were found in Microsoft Teams, Oracle VirtualBox, Mozilla Firefox, Microsoft Windows 11, Apple Safari, and Ubuntu Desktop.

On the second day, researchers from the French company Synacktiv managed to identify and exploit a bug in Tesla's system, giving them access to some of the car's commands, as shown in a video shared by the official Zero Day Initiative account.

Additionally, a team of researchers from Northwestern University identified two known use-after-free vulnerabilities in the Ubuntu system. This type of vulnerability affects the dynamic memory of applications: a program keeps using a block of memory after it has been freed, and that can be exploited to hack programs.

Also during the second day there were two failed hacking attempts on Windows 11 and Tesla. On the third day, the researchers managed to penetrate the Windows 11 operating system three times, without fail.

A total of nearly eight hundred thousand dollars in cash prizes was awarded to the researchers and hackers involved in the competition. The winner, awarded twenty-seven points and proclaimed Master of PWN by the tournament organizers, was Star Labs of Singapore, which had already racked up several successes in previous editions of the competition.


PWN2OWN 2022 – Windows 11, MS Teams and Firefox Pwned on Day 1

Other than Windows 11, Microsoft Teams and Mozilla Firefox, Oracle Virtualbox, Ubuntu Desktop, and Safari browser were also hacked on day one of PWN2OWN 2022 in Vancouver.


Pwn2Own is a hacking contest where white hat hackers compete against each other and earn thousands of dollars for detecting unknown vulnerabilities in popular software and operating systems. On the first day of the 15th edition of Pwn2Own, vulnerability researchers earned around $800,000.


According to the event organizer, Trend Micro’s Zero Day Initiative (ZDI), this was the highest single-day award amount ever won in this contest. All ten hacking attempts were successful. The competition will conclude on Friday.


It is worth noting that this is the second edition of Pwn2Own in 2022. The first edition was held in Miami and focused mainly on ICS (industrial control systems). Participants earned $400,000 for successful exploits.

Microsoft Teams Exploits “Stole” the Show

Around $450,000 out of the total awarded sum of $800,000 was won by hackers who detected vulnerabilities in Microsoft Teams. Hackers exploited sixteen zero-day vulnerabilities against Windows 11, MS Teams, Firefox, Ubuntu, Oracle VirtualBox, and Safari. Hackers will again target Teams on the last day of Pwn2Own, on Friday.


For MS Teams, $150,000 was awarded for each of the 3 exploit chains leveraged by Masato Kinugawa, Hector Peralta (p3rr0), and the STAR Labs team comprising Billy Jheng Bing-Jhong, Muhammad Alifa Ramdhan, and Nguyễn Hoàng Thạch.


According to ZDI’s blog post, Peralta demonstrated an improper configuration. Kinugawa exploited a 3-bug chain, including a sandbox escape, a configuration, and an injection, while the STAR Labs team leveraged an arbitrary file write flaw and injection using a zero-click remote code execution exploit on Oracle VirtualBox.

Other Successful Exploits

Manfred Paul won $100,000 for identifying a sandbox escape exploit in Mozilla Firefox, which involved improper input validation and prototype pollution, and an additional $50,000 for an out-of-band write on Apple Safari.


Other hackers won $40,000 each for the rest of the exploits. This includes Marcin Wiązowski, who executed an out-of-bounds write privilege escalation on MS Windows 11. Team Orca of Sea Security executed two bugs on the Ubuntu desktop. STAR Labs’ Phan Thanh Duy and Lê Hữu Quang Linh exploited MS Windows 11 with a Use-After-Free elevation of privilege. Keith Yeo performed a Use-After-Free exploit on Ubuntu Desktop.


On Thursday, Pwn2Own’s second day, researchers will hack a Tesla Model 3, and successful attempts will grant them up to a $600,000 bounty plus a new Tesla.

