Pwn2Own Tokyo Roundup

0 comments, 58 views, posted 4:31 pm 08/11/2019 in Geek by REALITY

Amazon Echo, Routers and Smart TVs Fall to Hackers


The latest edition of the bi-annual hacking contest saw creative exploits in new device categories.

Another Pwn2Own has drawn to a close, with Team Fluoroacetate (researchers Amat Cama and Richard Zhu) taking home the Master of Pwn title for the third year in a row.

Overall, contestants in the Tokyo 2019 event earned more than $315,000 over the two-day hacking contest, for uncovering 18 different bugs in the various products. This encompassed new categories for Wi-Fi routers, televisions and smart-home/home automation products, including the pwning of an Amazon Echo. Three teams – Team Fluoroacetate, F-Secure Labs and newcomers Team Flashback – dominated the proceedings.

Most notably, Team Fluoroacetate (which raked in $195,000 overall in the contest) used an integer overflow in JavaScript to compromise the Amazon Echo Show 5 and take full control of it (with the device in an RF enclosure to ensure no outside interference). For this, they earned $60,000, the top reward in the event.

“Once patched, this should prove to be an interesting write-up,” according to the Zero-Day Initiative’s blog of the event.

Team Fluoroacetate also took a whack at smart TVs. Their efforts included hacking the Sony X800G smart TV, which was notable for being the first television to make an appearance in the Pwn2Own contest. They were able to use a JavaScript out-of-bounds (OOB) read in the embedded web browser to gain a bind shell (this opens up a communication port to allow an attacker to connect to the device and execute code). They earned $15,000 for that, and also targeted the Samsung Q60 smart TV, earning $20,000 by using an integer overflow in JavaScript to gain a reverse shell from the television.

And finally, the team turned their attention to mobile phones, starting with a knock-out compromise of Samsung’s flagship Galaxy S10 via baseband. They used a rogue base station and a stack overflow to drop a file onto the Galaxy, earning $50,000. Their success marked the third year in a row that Samsung’s flagship handset has been hacked.

They also used a bug in JavaScript JIT followed by a use-after-free flaw to escape the sandbox on the Galaxy S10 via the near-field communications (NFC) component. They were able to steal a picture off the phone with a single tap, reaping a $30,000 reward.

And, in another demonstration, they used a JavaScript bug that jumped the stack to exfiltrate a picture from the Xiaomi Mi9, earning $20,000.
