Pwn2Own: NAS, Printer, IP Camera Hacks Unveiled

The Pwn2Own Ireland 2024 competition saw a total of 38 successful attacks that used previously unknown (zero-day) vulnerabilities. The attacks targeted mobile devices, printers, smart speakers, storage systems, and IP cameras. Every target ran the latest firmware and operating system with all available updates installed, in its default configuration, and was still exploited. Rewards paid out to participants totaled 993,625 US dollars.

Highlighted successful attacks included:

  • Samsung Galaxy S24 smartphone: One award of $50,000 for an exploit chaining 5 vulnerabilities, including a path traversal issue.
  • QNAP TS-464 NAS network storage: 4 successful hacks resulting in rewards of $40,000, $10,000, and 2 bonuses of $20,000 each.
  • QNAP QHora-322 network storage: 6 successful hacks with rewards ranging from $23,000 to $100,000.
  • TrueNAS X network vault: One successful hack rewarded with $20,000.
  • Synology BeeStation BST150-4T network storage: 4 successful hacks with rewards of $40,000, $20,000, and 2 bonuses of $10,000 each.
  • Synology DiskStation DS1823xs+ network storage: 4 successful hacks with rewards of $40,000 and 2 bonuses of $20,000 each.
  • Lexmark CX331adwe printer: One successful hack rewarded with $20,000 for a type confusion vulnerability.
  • HP Color LaserJet Pro MFP 3301fdw printer: 2 successful hacks with rewards of $20,000 and $10,000.
  • Canon imageCLASS MF656Cdw printer: 3 successful hacks with rewards ranging from $5,000 to $20,000.
  • Lorex 2K Wi-Fi CCTV camera: 5 successful hacks resulting in rewards of $30,000, $15,000, and 3 bonuses of $3,750 each.
  • Synology TC500 CCTV camera: One successful hack rewarded with $30,000.
  • Ubiquiti AI Bullet CCTV camera: 3 successful hacks with rewards of $30,000, $15,000, and $3,750.