Hacking in reality is a far cry from what is depicted in movies. In real life, hackers can be rewarded for uncovering company security breaches. Trend Micro, a global leader in cybersecurity, decided to create a competition to harness a hacker’s abilities and ingenuity. They created a yearly competition named Pwn2Own.
Pwn2Own means to defeat an opponent — in this case, a whole megacorporation — to gain money. Trend Micro organizes this competition each year to pit hackers against worldwide companies. The rules are simple: teams of hackers are invited to try their best and crack into systems. Usually, those hackers are called White Hats, and they spend their days helping fix security bugs or fighting scammers.
#Pwn2Own Vancouver ended with record prizes for threat discoveries, including a total of $1,035,000 as well as a Tesla Model 3. Find out how Trend Micro's @thezdi helps make our world safer by pushing vendors to enhance the security of their products: https://t.co/T4LGs9TpP1 pic.twitter.com/E4eE15vgTJ
— Trend Micro (@TrendMicro) March 29, 2023
For those who are unaware, the term zero-day vulnerability refers to faults in the systems that are made aware of but have yet to be patched. Once uncovered, the white hat hackers discreetly communicate these to the companies to be fixed. As for the hackers (or rather crackers, in that case) who brought them to light, Trend Micro thanks the participants and awards them with attractive prizes. The awards vary from money to computers; this year, the Pwn2Own top contestants were awarded a total cash prize of $1,035,000, with the winner taking home the crown, more than $500,000 in their pockets, and a Tesla Model 3.
Winners and findings
The winning team this year was Synacktiv, achieving their success against Tesla and winning the first-ever Tier 2 award of the Pwn2Own competition. According to Trend Micro, the team “executed a successful TOCTOU exploit against Tesla – Gateway.” As Tesla offers connected workplaces and cars, you can imagine it’s better if the flaws in their systems are uncovered now, even if it’s during a competition as big as this one.
https://twitter.com/Synacktiv/status/1639567422528028673
Tesla was not the only company whose security got cracked. STAR Labs successfully executed a two-bug chain against Microsoft SharePoint which won them an amount of $195,000 in the process. Close behind in terms of earnings, Team Viettel and AbdulAziz Hariri exploited faults in Microsoft Teams and Adobe Reader, respectively.
Photo credits: The feature image is owned by Trend Micro and has been provided for press usage.