White hat hackers taking part in the Pwn2Own Ireland 2024 contest organized by Trend Micro’s Zero Day Initiative (ZDI) have earned half a million dollars on the first day of the event, for exploits targeting NAS devices, cameras, printers and smart speakers.
The highest single reward, $100,000, was earned by Sina Kheirkhah of Summoning Team, who chained a total of nine vulnerabilities for an attack that went from a QNAP QHora-322 router to a TrueNAS Mini X storage device.
Another exploit chain involving the QNAP QHora-322 and TrueNAS Mini X products was demonstrated by Viettel Cyber Security, but this team earned only $50,000.
A significant reward was also earned by Jack Dates of RET2 Systems, who received $60,000 for hacking a Sonos Era 300 smart speaker.
QNAP TS-464 and Synology DiskStation DS1823XS+ NAS device exploits earned $40,000 each for two different teams.
Participants also successfully demonstrated exploits against the Lorex 2K WiFi, Ubiquity AI Bullet, and Synology TC500 cameras, and HP Color LaserJet Pro MFP 3301fdw and Canon imageCLASS MF656Cdw printers. These attempts earned the hackers between $11,000 and $30,000.
According to ZDI, a total of $516,250 was paid out on the first day of Pwn2Own Ireland for over 50 unique vulnerabilities.
Over the next days, in addition to cameras, NAS devices, smart speakers and printers, contestants will attempt to demonstrate exploits targeting a Samsung Galaxy S24 phone and an AeoTec Smart Home Hub.
Pwn2Own Ireland 2024 also includes a messaging app category, with up to $300,000 offered for a zero-click WhatsApp exploit. Prizes of up to $250,000 were offered for Pixel 8 and iPhone 15 exploits. However, it appears that there are no entries targeting these products.
Related: Second Pwn2Own Automotive Contest Offers Over $1 Million in Prizes
Related: VMware Patches Vulnerabilities Exploited at Pwn2Own 2024
Related: Google Patches Chrome Flaw That Earned Hackers $42,500 at Pwn2Own
