The Pwn2Own hacking competition is moving to Ireland and Meta is joining the event as a sponsor, with $300,000 being offered for zero-click exploits against the company’s WhatsApp messaging application.
Trend Micro’s Zero Day Initiative (ZDI) made the announcement on Thursday. The event will take place in Cork, Ireland, between October 22 and 25, 2024.
WhatsApp is the only application targeted in the new ‘messenger apps’ category, which also covers one-click exploits that can earn participants up to $200,000.
In comparison, exploit acquisition firm Zerodium is currently offering up to $1 million for a WhatsApp exploit that achieves remote code execution and local privilege escalation. A zero-click exploit is worth up to $1.5 million.
Significant prizes are also being offered for mobile phone exploits at Pwn2Own Ireland. Pixel 8 and iPhone 15 exploits can earn hackers up to $250,000, and can reach $300,000 if the exploit chain includes kernel-level access. Samsung Galaxy S24 exploits have a maximum cash prize of $50,000.
Home automation hub exploits targeting AeoTec, Apple, Amazon and Google products can earn between $40,000 and $60,000.
In the ‘surveillance systems’ category, participants can earn up to $30,000 for exploits targeting Lorex, Nest, Synology, Ubiquiti and Arlo products.
HP, Lexmark and Canon printer exploits are worth up to $20,000, while Sonos, Google and Amazon smart speaker exploits can earn participants $60,000.
Pwn2Own Ireland participants can earn $40,000 for NAS device hacks. Products from Synology, TrueNAS and QNAP are targeted.
At last year’s Pwn2Own, participants earned more than $1 million for 58 unique zero-day vulnerabilities.
Related: Hackers Earn $1.3M for Tesla, EV Charger, Infotainment Exploits at Pwn2Own Automotive
Related: VMware Patches Vulnerabilities Exploited at Pwn2Own 2024
Related: Tesla, OS, Software Exploits Earn Hackers $1.1 Million at Pwn2Own 2024