Again, the city of Tokyo, Japan is home to the Pwn2Own ethical hacking event, organized by the Zero Day Initiative and, this time, the Fluoracetate hacker team has swept the competition. After two days of the event, the two experts who make up this team accumulated more than $140k USD in rewards for finding and exploiting vulnerabilities in mobile devices of manufacturers such as Xiaomi, Samsung, among others.
This year’s winning hacker team, made up of Amat Cama and Richard Zhu, began their participation in the event by demonstrating an exploit on a Sony X800G smart TV, earning $15k USD.
These hackers have taken a wide advantage over the rest of the participants of Pwn2Own 2019, so they are expected to win the Masters of Pwn title, the name of the hacking tournament, for the third year in a row.
The previous year, Fluoracetate generated more than $80k USD from finding vulnerabilities in next-generation devices, such as Apple’s iPhone X, Xiaomi’s smartphone mobile browser, among other devices, claiming as Pwn2Own 2018 winners.
Although the results of the event were overwhelmingly favorable for Fluoracetate, the rest of the ethical hacking experts who participated also made important findings. The second place in the rankings was for F-Secure Labs, a team that amassed more than $70k USD in rewards for their findings; on the other hand, Flashback, a debuting team at Pwn2Own, took third place, with about $50k USD.
In total, more than $300,000 were given to participating ethical hacking experts; reports on the vulnerabilities found will be sent to the manufacturers of the exploited devices to be corrected within 90 days of the report.
According to the ethical hacking specialists of the International Institute of Cyber Security (IICS), such events encourage the participation of various members of the cybersecurity community, whether established firms or independent researchers combating the exploitation of vulnerabilities in commonly used hardware and software.
However, it is also a reflection of the multiple security drawbacks present on all kinds of Internet-connected devices, so it is important that ethical hackers encounter these flaws before the threat actors do so.