Slashdot: White Hat Hackers Earn $500,000 On First Day of Pwn2Own Ireland 2024

Source URL: https://it.slashdot.org/story/24/10/23/2213229/white-hat-hackers-earn-500000-on-first-day-of-pwn2own-ireland-2024?utm_source=rss1.0mainlinkanon&utm_medium=feed
Source: Slashdot
Title: White Hat Hackers Earn $500,000 On First Day of Pwn2Own Ireland 2024

Summary: The report highlights the significant financial rewards earned by white hat hackers during the Pwn2Own Ireland 2024 contest for exploiting various vulnerabilities in NAS devices and smart technologies. This event underscores the ongoing challenges of securing consumer-grade and enterprise hardware, emphasizing the importance of continuously testing systems against emerging threats.

Detailed Description: The Pwn2Own Ireland 2024 contest, organized by Trend Micro’s Zero Day Initiative (ZDI), serves as a crucial platform for identifying vulnerabilities in widely used hardware and software products. Here are some key takeaways from the event:

– **Total Earnings**: On its first day, white hat hackers collectively earned $516,250 for exploiting over 50 unique vulnerabilities.
– **Top Performers**:
  – Sina Kheirkhah from Summoning Team earned the highest single reward of $100,000 by exploiting a series of vulnerabilities that led from a QNAP QHora-322 router to a TrueNAS Mini X storage device. The demonstration shows how interconnected network and storage systems are, and that malicious actors could target that connection.
  – Viettel Cyber Security also demonstrated an exploit involving the same devices but received $50,000.
  – Jack Dates of RET2 Systems earned $60,000 for hacking a Sonos Era 300 smart speaker, indicating vulnerabilities in consumer audio devices.
– **Other Exploits**:
  – Participants successfully demonstrated exploits against various devices, including NAS devices (QNAP TS-464 and Synology DiskStation DS1823XS+), network cameras (Lorex 2K WiFi, Ubiquiti AI Bullet, Synology TC500), and printers (HP Color LaserJet and Canon imageCLASS series), with rewards ranging from $11,000 to $40,000 for different devices.

This event reflects the broader challenges of **Infrastructure Security** and **Information Security** as they pertain to everyday technology. The high financial incentives demonstrate not only the existing vulnerabilities in these devices but also the industry’s increasing recognition of the need for proactive security measures.

– **Implications for Security Professionals**:
  – Regularly assess and patch vulnerabilities in both consumer and enterprise-grade hardware.
  – Engage in or support competitions like Pwn2Own to leverage the findings and enhance security protocols.
  – Maintain heightened awareness of the security landscape around IoT and connected devices, given that the payouts support testing for potential gaps.

Overall, the Pwn2Own contest highlights the critical need for vigilance in securing devices that constitute an essential part of modern IT infrastructure, underscoring a recurring theme for many security professionals in the field.