Pwn2Own 2023: Tesla Model 3, Windows 11, Ubuntu and more Pwned

This year’s Pwn2Own 2023 was held in Vancouver between March 22nd and 24th, 2023.
Pwn2Own 2023: Tesla Model 3, Windows 11, Ubuntu and more Pwned

At Pwn2Own 2023, participants were awarded a full bounty (more than $1,000,000) in each round for successful exploits.

Pwn2Own, as we know it, is an annual computer hacking contest that offers various advantages to the cybersecurity industry. At this year’s Pwn2Own 2023 held in Vancouver between 22 and 24 March 2023, around 19 entries were part of the event, aiming to target nine different platforms, including Tesla cars.

This time, participants were awarded a full bounty (more than $1,000,000) in every round for successful exploits.

During the three-day event, contestants revealed 27 unique zero days and won $1,035,000 cumulatively and a Tesla. Team Synacktiv won the most points (53 points) and was declared the Masters of Pwn. They took home $530,000, a $25,000 bonus, Platinum status in 2024 Pwn2Own, and a Tesla Model 3. Here are the highlights of vulnerabilities disclosed each day.

Day 1 Highlights:

On day 1, Haboon SA’s AbdulAziz Hariri (@abdhariri) used a 6-bug logic chain to attack Adobe Reader and successfully exploited multiple failed patches that evaded the sandbox and bypassed a banned API list. For this attempt, Hariri warned $50,000 and five Master of Pwn points.

STAR Labs successfully executed a 2-bug chain targeting Microsoft SharePoint and earned $100,000 with ten Master of Pwn points. Team STAR Labs also successfully executed an attack against Ubuntu Desktop. However, this was a known exploit for which they earned $15,000 and 1.5 points.

Qrious Security’s Bien Pham (@bienpnn) successfully exploited Oracle VirtualBox using an OOB Read with a stacked-based buffer overflow and earned $40,000 with 4 Master of Pwn points.

Synacktiv (@Synacktiv) successfully executed a TOCTOU attack against Tesla – Gateway and earned ten Master of Pwn points, a Tesla Model 3, and $100,000.

Marcin Wiązowski managed to get elevated privileges on Windows 11 using an improper input validation bug and received a $30,000 bounty with 3 Master of Pwn points.

Day 2 Highlights:

On day 2, Synacktiv team’s Thomas Imbert and Thomas Bouzerar successfully demonstrated a 3-bug chain targeting Oracle VirtualBox with a Host EoP. However, since the bug was previously known, they earned $80,000 and eight Master of Pwn points.

Another successful exploit came from Team Synacktiv’s David Berard and Vincent Dehors; they exploited Tesla- Infotainment Unconfined Root through a heap overflow and an OOB write.

The duo qualified for 25 Master of Pwn points, a Tier 2 award, and a $250,000 bounty. Another achievement of Team Synacktiv came from Tanguy Dubroca for acquiring privilege escalation on Ubuntu Desktop using an incorrect pointer scaling. The team earned $30,000 and 3 Master of Pwn points.

On the second day, Team Viettel used a 2-bug chain to target Microsoft Teams and earned eight Master of Pwn points with a $75,000 award. Team Viettel also successfully exploited Oracle VirtualBox using an uninitialized variable with a UAF bug and was awarded $40,000 with four Master of Pwn points.

Day 3 Highlights:

On day 3, ASU SEFCOM’s Kyle Zeng exploited Ubuntu Desktop using a double-free bug and earned $30,000 with three Master of Pwn points.

Synacktiv’s Thomas Imbert exploited Microsoft Windows 11 using a UAF. Imbert earned three Master of Pwn points and $30,000. Theori’s Mingi Cho also used a UAF to target Ubuntu Desktop. Chio earned a $30,000 bounty and three Master of Pwn points.

Lastly, STAR Labs targeted VMWare Workstation using an uninitialized variable and UAF. They earned eight Master of Pwn points and $80,000.

Pwn2Own – Good for Cybersecurity

An initiative like Pwn2Own provides a platform for security researchers to showcase their skills and identify vulnerabilities in widely used software and operating systems. By doing so, the contest helps identify weaknesses that may not have been discovered previously, allowing vendors to develop fixes and improve their products’ security.

Another advantage of Pwn2Own is that it incentivizes researchers to find and report vulnerabilities in a responsible manner, rather than selling them on the black market or using them maliciously. The contest rewards researchers for successfully exploiting vulnerabilities, encouraging them to disclose their findings to the relevant vendors, who can then address the issues and improve the security of their products.

Finally, Pwn2Own helps raise awareness about the importance of cybersecurity and the need for continuous improvement in the security of software and systems. By highlighting the risks and potential consequences of cyber attacks, the contest encourages individuals and organizations to take security seriously and invest in measures to protect themselves from potential threats.

  1. Hack DHS and get a $5,000 Bug Bounty
  2. 6 of the Best Crypto Bug Bounty Programs
  3. Hack the Pentagon 3.0: Bug Bounty Program
  4. Bug bounty: Hack Tesla Model 3 to win Model 3
  5. Hacker at DefCon Jaikbreaks Tractor to Play Doom
Related Posts