Pwn2Own computer hacking contest is being held annually since April 2007 but this is the first time that the event has gone online due to the COVID-19 pandemic.
Similar to their spring event, the Pwn2Own hackathon is happening virtually in November 2020. The Zero Day initiative with their expert team of researchers has decided to go live from their Toronto office, unlike previous years wherein, the event used to be held at the PacSec Applied Security Conference in Tokyo, Japan.
The adrenaline-filled hackathon will take place on November 3 till 5, coinciding with the PacSec conference scheduled to happen from 1-6. The competition will ensue 20 devices as targets and is offering more than $500,000 US dollars as a monetary reward.
The event revolves around enthusiastic hackers giving them a renewed sense of competing in real-time and exploiting bugs in the systems belonging to renowned tech companies. However, this year the event is going to be held digitally due to the rampant coronavirus.
There are various travel restrictions and safety concerns thus, enthusiastic participants can register remotely for the contest until the deadline that is; October 29th, 2020. The contest focuses on six different areas in mobile and IoT technology:
- Google Pixel 4
- Samsung Galaxy S20
- Apple iPhone 11
- Huawei P40
- Xiaomi Mi 10
- Apple Watch Series 5
- Oculus Quest (64Gb)
- Portal from Facebook
- Amazon Echo Show 8
- Google Nest Hub Max
- Nest Cam IQ Indoor
- Ring Indoor Cam
- Arlo Q Plus
- Sonos One Speaker
- Sony X800H Series – 43”
- Samsung Q60T Series – 43”
- TP-Link AC1750 Smart Wi-Fi Router
- NETGEAR Nighthawk Smart Wi-Fi Router (R7800)
Network Attached Storage (NAS):
- Synology DiskStation DS418play
- Western Digital My Cloud Pro Series PR4100
Once the participants have successfully completed their selected targets, they are eligible for an ‘Add on bonus’ which will qualify them for additional monetary prizes. However, the contestants will have to identify and select add ons whilst registering for the Pwn2Own.
Last year too, Pwn2Own followed a similar suit with successful prize money awarded according to the conference’s internal ranking system. A team called Fluoroacetate emerged victorious. The team already has a history of ensuing sophisticated hacks ultimately making them champions of Pwn2Own consecutively for two years (2018 & 2019). The enigmatic duo was able to hack Xiaomi Mi 6, Samsung Galaxy S9, iPhone X, Apple Safari, and Mozilla Firefox browser.
Also, this year Facebook is returning as a partner offering Oculus Quest and Portal from Facebook devices which return as targets in the home automation category. Previously, none of the participants targeted either device in the inaugural show. Maybe this year the tables will turn and the contestants may give it a go.
As always, once the vulnerabilities and exploits are discovered by the teams the conference will form reports and inform respective vendors about them for propriety and also with the purpose to fix bugs before they are actively targeted by threat actors.