"SOHO Exploits Earn Hackers Over $100,000 on Day 3 of Pwn2Own Toronto 2022"

Trend Micro’s Zero Day Initiative (ZDI) recently announced total payouts nearing $1 million after the first three days of Pwn2Own Toronto 2022, and there is one day left to go.  On the third day of the event, participants earned $253,500 for hacking NAS devices, printers, smart speakers, routers, and smartphones. ZDI noted that $681,000 was paid out in the first two days.  ZDI stated that the new SOHO Smashup category earned participants the highest amounts on the third day. In this category, a small office/home office (SOHO) scenario is simulated, with the goal being to hack a router on the WAN interface and then pivoting to the LAN, where a second device needs to be hacked, such as a smart speaker, NAS appliance, or printer.  ZDI noted that a team representing NCC Group earned $50,000 for hacking a Ubiquiti router and a Lexmark printer in a SOHO Smashup attack. The Star Labs team earned $25,000 for an attack targeting a Synology router and a Canon printer. Team Viettel was awarded $37,500 for a hack involving a Cisco router and a Canon printer.  ZDI stated that the last Samsung Galaxy S22 exploit of this Pwn2Own earned a participant $25,000. White hat hackers were awarded $125,000 for Galaxy S22 vulnerabilities disclosed at the event. Google and Apple phones have not been targeted.  Also, on the third day, $20,000 rewards were earned by participants for Sonos One smart speaker and WD NAS appliance exploits.  Eleven attempts are scheduled for the last day, and participants will target printers and routers.
 

SecurityWeek reports: "SOHO Exploits Earn Hackers Over $100,000 on Day 3 of Pwn2Own Toronto 2022"