Zero-day vulnerabilities found in Canon ImageCLASS and HP Color LaserJet Pro printers at Pwn2Own

It has been just a few hours since the start of the Pwn2Own Austin 2021 hacking event and there have already been reports of severe vulnerabilities in commonly used devices, including security flaws in printers, which are being presented at this type of event for the first time. Participating researchers have earned a total of $360,000 USD for demonstrating exploits against printers, NAS devices, and even smart speakers.

In one of the first presentations, Synacktiv researchers demonstrated an exploit capable of compromising Canon ImageCLASS printers, while Devcore experts demonstrated the presence of a severe vulnerability in Canon ImageCLASS and HP Color LaserJet Pro.

In addition, Devcore experts showed how to execute arbitrary code on a Sonos smart speaker, receiving a reward of $60,000 USD, the highest paid for a bug in this class of devices.

Among other presentations, the first day of the event, organized by the Zero Day Initiative, included a failed attempt to compromise the security of a Samsung Galaxy S21, although this smartphone model will continue to be tested throughout the event. So far there are no known presentations of exploits for smart TVs, local storage devices or other similar implementations.

It should be remembered that this edition of the event focuses on hardware implementations, since the presentations of software exploits took place last April. On that occasion, methods for exploiting vulnerabilities in web browsers, virtualization software, servers and business communication implementations were presented.

While the rewards delivered during Pwn2Own 2021 are attractive to researchers, other events have delivered much higher prizes; the Tianfu Cup, a hacking event held in China, delivered more than $2 million USD in its most recent edition, presenting reports of vulnerabilities in Microsoft Exchange, Chrome, Safari, Adobe tools, Docker, VMware and other implementations.
