The 2022 Pwn2Own contest took place in Vancouver. The contest gives hackers and cybersecurity experts a platform to display their skills within a set time frame. This was the 15th annual Pwn2Own contest, and the crowd that joined this year didn't disappoint. A total of 17 contestants were able to attack 21 given targets. Some of the named targets were Windows 11, Apple's Safari browser, and the electronics of Tesla's Model 3.
This year, the contest paid out a total of $1,155,000 in awards, and out of this sum, some of the biggest payouts were made for exploits against the Microsoft Teams utility. Although Teams isn't part of Windows, it can be considered in conjunction with it, as it comes with many Windows 11 installs, so these exploits can rightly be termed exploits for Windows. Those who earned major payouts of up to $150,000 included Hector "p3rr0" Peralta, Masato Kinugawa, and STAR Labs.
On day one as well as day two, privilege escalation exploits were also demonstrated against Microsoft's operating system. $40,000 was awarded to both STAR Labs and Marcin Wiązowski. Day three brought fresh exploits in the same privilege escalation category, and another $40,000 was awarded to the three winners.
Moving on to the Tesla Model 3, Synacktiv demonstrated a sandbox escape exploit on the car's infotainment system. This would give the hacker enough access to take control of the car's built-in computer. With further exploits, the hacker can easily take control of the car's autopilot system as well, and can do so remotely. For exploiting this bug, the Synacktiv group bagged a reward of $75,000.
Other targets included Ubuntu Desktop (hacked), Mozilla Firefox (hacked), and Apple Safari (hacked).