The annual Pwn2Own competition organized by Trend Micro offers a lucrative opportunity for security researchers to crack various devices and software. Winners not only receive monetary prizes, but also get to keep the hacked devices. This year, the competition has seen successful attacks on a range of targets, including the Tesla Model 3, Ubuntu, Teams, and Virtualbox.
On the first day, security researchers combined multiple bugs to break out of the Adobe Reader sandbox, earning themselves a $50,000 prize. The Tesla hack was even more lucrative, netting the team $100,000 in addition to the car itself. Other successful attacks included obtaining higher user rights in macOS, Windows 11, and Teams.
Following a combination of three vulnerabilities, VirtualBox was hit on the second day, along with yet another successful attack on Tesla’s in-vehicle infotainment system, worth $250,000. While one attempted hack on Ubuntu failed, another was successful and led to an escalation of privileges.
Despite the impressive results, technical details of the attacks have yet to be released. This leaves device manufacturers and software providers scrambling to implement necessary security patches to close any vulnerabilities that have been identified.
The competition remains ongoing, with VMware Workstation and Windows 11 still on the agenda for the final day. So far, the prize money already paid out to researchers has totaled $850,000. As always, this annual event highlights the ever-present need for robust cybersecurity measures in all devices and software.
