Rewriting the Pwn2Own Vancouver 2024 Event: A Day of Epic Exploits
The Pwn2Own Vancouver 2024 event kicked off with a bang as contestants displayed their skills in hacking some of the most popular and highly secured systems. Windows 11, Tesla, and Ubuntu Linux were among the targets, and the stakes were high – a whopping $732,500 prize money and a brand-new Tesla Model 3 car.
Windows 11, Tesla, and Ubuntu Linux – A Day Full of Zero-Day Vulnerabilities
The competition started on a high note with Haboob SA’s Abdul Aziz Hariri showcasing an impressive exploit on macOS using a combination of API restriction bypass and command injection bug on Adobe Reader, earning himself a cool $50,000.
The Tesla Model 3 car and $200,000 prize went to the team at Synacktiv for their clever hacking of the Tesla ECU using Vehicle CAN BUS Control and an integer overflow, all under 30 seconds.
Gwangun Jung and Junoh Lee from Theori security team did not disappoint either, pocketing $130,000 after managing to escape a VMware Workstation VM and gaining code execution on the host OS using a chain targeting an uninitialized variable bug, a UAF weakness, and a heap-based buffer overflow.
Reverse Tactics’ Bruno PUJOS and Corentin BAYET also made their presence known, raking in $90,000 by exploiting two Oracle VirtualBox bugs and a Windows UAF to escape the VM and elevate privileges to SYSTEM.
The first day ended with Manfred Paul winning $102,500 after completely hacking into the Apple Safari, Google Chrome, and Microsoft Edge web browsers using three zero-day vulnerabilities.
Zero-Day Attempts on the First Day of Pwn2Own Vancouver
The first day of Pwn2Own also saw several other attempts from various contestants, including:
- DEVCORE Research Team’s successful privilege escalation to SYSTEM on a fully patched Windows 11 system using an exploit that targeted two bugs, including a TOCTAU race condition. They were also awarded $10,000 for their impressive hack of an already-known Ubuntu Linux LPE exploit.
- KAIST Hacking Lab’s Seunghyun Lee’s win of $60,000 after hacking Google Chrome using a Use-After-Free vulnerability.
- Kyle Zeng from ASU SEFCOM’s clever LPE exploit targeting Ubuntu Linux via a race condition, earning him $20,000.
- Cody Gallagher’s $20,000 win for discovering an Oracle VirtualBox out-of-bounds write zero-day vulnerability.
- Viettel Cyber Security’s Dungdm’s successful hack of Oracle VirtualBox using a two-bug exploit chain, earning them $20,000.
After the zero-day exploits are showcased at Pwn2Own, vendors have 90 days to create and release security patches for all reported vulnerabilities before Trend Micro’s Zero Day Initiative discloses them to the public.
Pwn2Own Vancouver 2024 Leaderboard (ZDI)
The Pwn2Own Vancouver 2024 event will see security researchers targeting fully patched products in categories such as web browsers, cloud-native/container, virtualization, enterprise applications, servers, local escalation of privilege, enterprise communications, and automotive systems.
On the second day, Pwn2Own contestants will attempt to exploit zero-day bugs in Windows 11, VMware Workstation, Oracle VirtualBox, Mozilla Firefox, Ubuntu Desktop, Google Chrome, Docker Desktop, and Microsoft Edge.
After two days of intense hacking, the contestants have a chance to win over $1.3 million in prize money, including the highly coveted Tesla Model 3 car. The top award for hacking a Tesla has also been increased to $150,000, in addition to the car itself.
The maximum prize money of $500,000 and a Tesla Model 3 car is up for grabs for an exploit that gives complete remote control with unconfined root when targeting the Tesla Autopilot. Hackers can also earn $300,000 for a successful Hyper-V Client guest-to-host escape and privilege escalation on the host OS using a Windows kernel vulnerability.
In the previous year’s Pwn2Own Vancouver event, won by Team Synacktiv, hackers earned an impressive $1,035,000 and a Tesla car after showcasing 27 zero-day exploits (and several bug collisions) in Windows 11, Microsoft Teams, Microsoft SharePoint, macOS, Ubuntu Desktop, VMware Workstation, Oracle VirtualBox, and Tesla’s Model 3. Synacktiv also managed to hack the Tesla Modem and Infotainment System during the first edition of Pwn2Own Automotive in January, gaining root permissions on the Tesla Modem by chaining three zero-day exploits and demoing a successful Infotainment System sandbox escape using a two zero-day exploit chain.
