➤ Welcome to Pwn2Own Tokyo 2019 - Schedule and Live Updating Results

Source: thezdi.com

こんにちは and welcome to Pwn2Own Tokyo 2019 -- coming to you again from PacSec at the Aoyama St. Grace Cathedral in Tokyo, Japan. This year’s contest is set to be our largest Pwn2Own Tokyo ever, with three contestant groups targeting eight unique products across seven categories. We have more than $750,000 USD in cash and prizes available to the contestants, and of course no Pwn2Own competition would be complete without crowning a Master of Pwn (MoP) and awarding the coveted MoP jacket.

As always, we started the contest with a random drawing to determine the order of attempts. We have ten attempts scheduled for today and seven queued up for tomorrow. The full schedule for Day One is below (all times JTZ [UTC+9:00]). We will update this schedule with results as they become available.

Day One – November 6, 2019

0900 - Amat Cama and Richard Zhu (fluoroacetate) targeting the Sony X800G in the Television category

SUCCESS – The Fluoroacetate duo used a JavaScript OOB Read bug to exploit the television’s built-in web browser to get a bind shell from the TV. They earned $15K and 2 Master of Pwn points.

1000 - Pedro Ribeiro and Radek Domanski (Team Flashback) targeting the NETGEAR Nighthawk Smart WiFi Router (R6700) (LAN interface) in the Router category

SUCCESS - The Flashback team used an auth bypass followed by a stack-based buffer overflow to get a shell on the router. They earned $5,000 and .5 points towards Master of Pwn.

1100 - Amat Cama and Richard Zhu (fluoroacetate) targeting the Amazon Echo in the Home Automation category

1200 - Amat Cama and Richard Zhu (fluoroacetate) targeting the Samsung Q60 in the Television category

1300 - Amat Cama and Richard Zhu (fluoroacetate) targeting the Xiaomi Mi9 in the Web Browser category

1400 - Pedro Ribeiro and Radek Domanski (Team Flashback) targeting the NETGEAR Nighthawk Smart WiFi Router (R6700) (WAN interface) in the Router category

1500 - Pedro Ribeiro and Radek Domanski (Team Flashback) targeting the TP-Link AC1750 Smart WiFi Router (LAN interface) in the Router category

1600 - Mark Barnes, Toby Drew, Max Van Amerongen, and James Loureiro (FSecureLabs) targeting the TP-Link AC1750 Smart WiFi Router (LAN interface) in the Router category

1700 - Amat Cama and Richard Zhu (fluoroacetate) targeting the Samsung Galaxy S10 in the Short Distance category

1800 - Mark Barnes, Toby Drew, Max Van Amerongen, and James Loureiro (FSecureLabs) targeting the Xiaomi Mi9 in the Web Browser category

Day Two – November 7, 2019

1000 - Amat Cama and Richard Zhu (fluoroacetate) targeting the Oppo F11 Pro in the Broadband category

1100 - Amat Cama and Richard Zhu (fluoroacetate) targeting the Samsung Galaxy S10 in the Broadband category

1200 - Amat Cama and Richard Zhu (fluoroacetate) targeting the NETGEAR Nighthawk Smart WiFi Router R6700 (LAN interface) in the Router category

1300 - Pedro Ribeiro and Radek Domanski (Team Flashback) targeting the TP-Link AC1750 Smart WiFi Router (WAN interface) in the Router category

1400 - Mark Barnes, Toby Drew, Max Van Amerongen, and James Loureiro (FSecureLabs) targeting the TP-Link AC1750 Smart WiFi Router (WAN interface) in the Router category

1500 - Mark Barnes, Toby Drew, Max Van Amerongen, and James Loureiro (FSecureLabs) targeting the Xiaomi Mi9 NFC component in the Short Distance category

1600 - Amat Cama and Richard Zhu (fluoroacetate) targeting the Samsung Galaxy S10 in the Web Browser category

We look forward to seeing the innovative research and attack techniques demonstrated by this year’s contestants. Once we verify the research presented is a true 0-day exploit, we immediately disclose the vulnerability to the vendor, who then has 90 days to release a fix. Representatives from Facebook, Samsung, Apple, Google, Amazon, Xiaomi, Oppo, and Huawei are onsite and able to ask questions of the researchers if needed. At the end of the disclosure deadline, if a vendor is unresponsive or unable to provide a reasonable statement as to why the vulnerability is not fixed, the ZDI will publish a limited advisory including mitigation details in an effort to enable the defensive community to protect users.

We’ll update this blog with results as they become available. Follow us on Twitter for the latest information, and check back for our end-of-day blog recapping all of the results and awards.

 

...
