Security researchers get a prize of 21 million yen by successful hacking on Amazon Echo and Galaxy S10



In a hacking contest ' Pwn2Own 2019 ' held in Tokyo, two security researchers hacked

Amazon Echo Show 5 and Samsung Galaxy S10 and won a prize of $ 195,000 (about 21 million yen).

Zero Day Initiative — Pwn2Own Tokyo 2019 – Day One Results
https://www.zerodayinitiative.com/blog/2019/11/6/pwn2own-tokyo-2019-day-one-results

Zero Day Initiative — Pwn2Own Tokyo 2019 – Day Two Final Results
https://www.zerodayinitiative.com/blog/2019/11/7/pwn2own-tokyo-2019-day-two-final-results

Pwn2Own is a hacking contest hosted by the Zero Day Initiative (ZDI), which provides financial incentives to report vulnerabilities run by Trend Micro to connect manufacturers and security researchers. Pwn2Own participants will demonstrate hacking for each team, earning prizes and points according to the success or difficulty of hacking, and the importance of discovery, and competing for the most.

In Pwn2Own 2019, the team “Fluoroacetate” of Amat Cama (left photo) and Richard Zhu (right photo), winners of the previous and previous tournaments, showed the overwhelming power.



Fluoroacetate captures Amazon Echo Show 5 using aninteger overflow attack ” that causes the program to overflow in the binary handling mechanism. Amazon Echo Sho 5 is running on an older version of the open source browser ' Chromium ', and there seems to be a bug that the device can be completely controlled when connected to a malicious Wi-Fi hotspot. With this hacking, Fluoroacetate earned 60 points ($ 6.6 million) and 6 points.




In addition, we successfully hacked Sony's 4K Ultra HD display X800G , Samsung Galaxy S10 and Xiaomi Mi9 in two days, winning $ 195,000 (about 21 million yen) and winning the tournament three times in a row.




Related Posts:

in Security, Posted by darkhorse_log