‘Security researchers’ aka hackers make $800k prize money for exploiting Windows 11 and Teams
Contestants in a hacking contest have netted over $800K in prize money after finding exploits in Windows 11, Microsoft Teams, and other enterprise software on the first day. During this 15th annual Pwn2Own Vancouver hacking competition, the teams discovered 16 zero-day bugs on multiple products like Firefox, Oracle Virtualbox, Windows 11, and other popular enterprise software.
Pwn2Own Vancouver 2022 is a three-day-long hacking competition sponsored by Microsoft, Zoom, and other big tech companies. Teams of hackers or ‘security researchers’ attempt to find zero-day vulnerabilities in their software for prize money.
Think of it like bug bounties except with more money and kudos. A zero-day is a software exploit or vulnerability that an attacker could discover, one that the software makers aren’t already aware of; there’s no patch, and the attack is likely to succeed. Known bugs or exploits are not valid for rewards.
Currently, eight teams have claimed at least $40k in prizes, with STAR Labs leading the way with $230K and 23, sigh, Master of Pwn points. The terminology might be a bit worn out, but at least the hackers seem to be having a good time showing off numerous exploits in Microsoft Teams that’s been scoring them big money.
On day 2, teams will be shifting focus from enterprise software to automobiles. Tesla is offering more than $1,000,000 in cash and prizes, including a Telsa Model 3 and Model S for any team that can hack a Tesla.
The current reward for hacking one of these high-tech electric cars is $600K, plus the car itself. Hackers will try to exploit zero-days in the Tesla Model 3’s Infotainment System, recently found to be the center of an overheating issue that resulted in a recall of over 130K cars.
Once the contest comes to a close, vendors who participated then have 90 days to provide fixes for all vulnerabilities disclosed during the event. You can keep up with Pwn2own on the Zero Day Initiative Twitter account.
