Participants in a hacking contest have netted over $800,000 in prizes after finding exploits in Windows 11, Microsoft Teams and other enterprise software on day one. During this 15th annual Pwn2Own Vancouver hacking competition, teams discovered 16 zero-day bugs across multiple products like Firefox, Oracle Virtualbox, Windows 11 and other popular enterprise software.
Pwn2Own Vancouver 2022 is a three-day hacking competition sponsored by Microsoft, Zoom and other big tech companies. Teams of hackers or “security researchers” try to find zero-day vulnerabilities in their software for money.
Think of it like bug bounties, except with more money and kudos. A zero-day is a software exploit or vulnerability that an attacker might discover, of which software makers are not yet aware; there is no patch, and the attack is likely to succeed. Known bugs or exploits are not valid for rewards.
Currently, eight teams have claimed at least $40,000 in prize money, with STAR Labs leading with $230,000 and 23, sigh, Master of Pwn points. The terminology might be a bit worn out, but at least the hackers seem to be having a good time showing off plenty of exploits in Microsoft Teams that are making them a lot of money.
On the second day, the teams will focus from enterprise software to automobiles. Tesla is offering over $1,000,000 in cash and prizes, including a Tesla Model 3 and a Model S for any team able to hack a Tesla.
The current reward for hacking one of these high-tech electric cars is $600,000, plus the car itself. Hackers will try to exploit zero days in the Tesla Model 3 infotainment system, which was recently discovered to be at the center of an overheating problem that led to the recall of more than 130,000 cars.
After the competition ends, participating vendors have 90 days to provide fixes for any vulnerabilities disclosed during the event. You can follow Pwn2own on the Zero Day Initiative Twitter Account.