Pwn2Own Toronto 2022 ended with competitors earning $989,750 for 63 zero-day exploits (and multiple bug collisions) targeting consumer products between December 6-9.
During this hacking contest26 teams and security researchers targeted devices in the categories of mobile phones, home automation hubs, printers, wireless routers, network storage and smart speakers, all up to date and in their default configuration.
Although no team signed up to hack Apple iPhone 13 and Google Pixel 6 smartphones, competitors hacked a fully patched Samsung Galaxy S22 four times.
The STAR Labs team was the first to exploit a zero day in Samsung’s flagship device by performing an invalid input validation attack on their third attempt, earning $50,000 and 5 Master of Pwn points.
Another competitor, known as Chim, demonstrates another successful feat targeting the Samsung Galaxy S22 on the first day of the contest.
Security researchers from Interrupt Labs and Pentest Limited also hacked the Galaxy S22 at the second and third day of the competition, with Pentest Limited demonstrating their zero-day feat in just 55 seconds.
Pwn2Own Toronto 2022 concluded today, the fourth day of competition, with participants winning $989,750 for 63 zero-day feats across multiple categories.
The final numbers for #Pwn2Own Toronto 2022:
63 days 0 unique
36 different teams representing more than 14 countries
I see you at #Pwn2Own Miami in February!
— Zero Day Initiative (@thezdi) December 9, 2022
Throughout the contest, hackers successfully demonstrated exploits targeting zero-day bugs in devices from multiple vendors, including Canon, HP, Mikrotik, NETGEAR, Sonos, TP-Link, Lexmark, Synology, Ubiquiti , Western Digital, Mikrotik and HP.
After zero-day vulnerabilities exploited during the Pwn2Own event are reported, vendors have 120 days to release fixes before ZDI publicly discloses them.
The DEVCORE team won the contest, earning $142,500 and 18.5 Master of Pwn points. They are followed in the standings by Team Viettel with $82,500 and 16.5 points and NCC Group EDG with $78,750 and 15.5 points.