Samsung Galaxy S24 and Sonos Era hacked on Pwn2Own Ireland Day 2
On the second day of Pwn2Own Ireland 2024, competing white hat hackers showcased an impressive 51 zero-day vulnerabilities, earning a total of $358,625 in cash prizes.
Pwn2Own is a hacking contest where security researchers compete to exploit software and mobile hardware devices to earn the coveted title of "Master of Pwn" and $1,000,000 in cash and prizes.
On day 2 of Pwn2Own, the Viettel Cyber Security team maintained a strong lead in the race for the "Master of Pwn" title, with standout performances across several categories.
Pham Tuan Son and ExLuck from ANHTUD kicked off the day by exploiting a Canon imageCLASS MF656Cdw printer using a stack-based buffer overflow, securing $10,000 and 2 Master of Pwn points.
Ken Gannon from NCC Group chained five bugs, including a path traversal, to exploit the Samsung Galaxy S24, gaining a $50,000 payout and 5 points. His exploit allowed him to install an app and gain shell access to the popular Android device.
Dungdm from Viettel Cyber Security took control of a Sonos Era 300 smart speaker using a Use-After-Free (UAF) vulnerability. His successful exploit added $30,000 to his team's earnings and 6 Master of Pwn points.
