A few days ago the results of the cybersecurity contest «Pwn2Own Ireland 2024», held from October 22 to 25, were published. Over these four days, participants demonstrated multiple successful attacks based on zero-day vulnerabilities affecting a range of devices, including smartphones, NAS systems and IP cameras.
During the four days of the event, a total of 38 attacks were carried out against the latest firmware and operating systems, with total prizes close to one million dollars. Among the most notable attacks presented in the competition, we can mention the following.
On the first day most of the attack demonstrations were presented, and of these the following successfully achieved their objective:
- Lorex 2K: Five successful hacks, involving buffer overflow and pointer dereference vulnerabilities. The prizes were $30,000, $15,000, and three of $3,750.
- QNAP QHora-322: Six hacks were performed (2 on the router and 2 on the NAS) using authentication issues, path traversal and SQL injection, with rewards of up to $100,000.
- Sonos Era 300: Three successful exploits using buffer overflow and use-after-free vulnerabilities, with rewards of $60,000 and two of $30,000.
- HP Color LaserJet Pro 3301fdw: Two hacks, using stack overflow and incorrect type handling vulnerabilities, earned $20,000 and $10,000.
- Canon imageCLASS MF656Cdw: Three stack overflow-based exploits, with rewards of $20,000, $10,000, and $5,000.
- QNAP TS-464 NAS: Four successful attacks relied on vulnerabilities such as leftover cryptographic keys in the firmware, certificate verification issues and SQL injection. Prizes ranged from $10,000 to $40,000.
- Synology TC500: A stack-based buffer overflow was used, earning a $30,000 prize.
- Ubiquiti AI Bullet: A chain of several bugs was used to exploit the device and make its lights blink (as well as to obtain a root shell). The prize was $30,000.
- Synology DiskStation DS1823xs+: An OOB bug was used to obtain a shell and a modified login page.
From day two onwards, attacks on the same devices were presented on several occasions; even when they relied on the same types of attacks or bugs that had already been successfully exploited, they were still rewarded:
- Samsung Galaxy S24: An exploit that spanned five vulnerabilities, including a path traversal issue, to obtain a shell and install an application in it was rewarded with $50,000.
- Sonos Era 300: A single use-after-free (UAF) bug was used to exploit the speaker, rewarded with $30,000.
- NAS True Storage X: A single attack was rewarded with $20,000.
- Synology BeeStation BST150-4T: Four hacks involving authentication bypass and command injection earned rewards ranging from $10,000 to $40,000.
- Synology DiskStation: An incorrect certificate validation bug was used to perform the exploit. The reward was $20,000.
- AeoTec Smart Home Hub: A hack based on incorrect cryptographic signature verification, with a $40,000 reward.
Day 3:
- QNAP QHora-322 Printer: An OOB write and a memory corruption bug were used. Another attack relied on a chain of 4 bugs, including a command injection and a path traversal. The rewards were $25,000.
- Lexmark CX331adwe: $20,000 was paid for an exploit that took advantage of a type confusion vulnerability.
- Synology BeeStation: An unprotected main channel bug was used to exploit the device and execute code. The prize was $10,000.
Day 4:
- True NAS X: Two bugs that had already been presented earlier were used. The prize awarded was $20,000.
- TrueNAS Mini X: Two exploits were used. The prize was $20,000.
- QNAP QHora-322: Six bugs were used, even though they had already been seen in the contest. Even so, the prize was $23,000.
Finally, it is worth mentioning that there were 16 failed hacking attempts due to time constraints, affecting devices such as Ubiquiti, Synology and Lorex security cameras, several printers and NAS systems, and the Sonos Era 300 speaker.
As for the detailed information on these vulnerabilities, it will be disclosed after 90 days, which gives manufacturers time to implement patches and secure their devices against the attacks demonstrated in the contest.
If you are interested in learning more, you can check the details at the following link.