Category Archives: CanSecWest

Tesla Model 3’s onboard browser attacked successfully at Pwn2Own

Posted on by

A prolific duo of white-hat hackers exploited a previously unknown flaw in the web browser for the Tesla Model 3’s infotainment system on the third and final day of the Pwn2Own competition in Vancouver, demonstrating the first automotive zero-day in the event’s history. Team “Flouroacetate” — aka Amat Cama and Richard Zhu — used the Tesla hack on Friday to cap off a dominant run in the competition, which takes place annually during the CanSecWest security conference. Cama and Zhu successfully demonstrated zero-day exploits on popular web browsers and widely used virtualization software during the first two days. The Zero Day Initiative (ZDI), the organization that runs Pwn2Own, didn’t release many details about the Tesla hack. Given the sensitivity of any flaws in automotive software, it’s hardly surprising. But the value of Cama and Zhu’s research to Tesla is clear: Not only did they win cash for their demonstration, they […]

The post Tesla Model 3’s onboard browser attacked successfully at Pwn2Own appeared first on CyberScoop.

Continue reading Tesla Model 3’s onboard browser attacked successfully at Pwn2Own

Mozilla Firefox, Microsoft Edge succumb in web browser competition at Pwn2Own

Posted on by

The first day of this year’s Pwn2Own competition featured successful zero-day exploits on a popular web browser, and day two was no different, with the “Fluoroacetate” duo of Amat Cama and Richard Zhu turning their attention to Mozilla’s Firefox and Microsoft’s Edge. The team took home another $180,000 for their attacks, bringing their overall winnings to $340,000 for the competition, which highlights critical bugs in widely distributed software. Thursday’s winners also included Niklas Baumstark, who won $40,000 for a Firefox attack, and Arthur Gerkis of Exodus Intelligence, who won $50,000 for successfully targeting Edge. Competitors spend months preparing for the annual Pwn2Own hacking contest in Vancouver, which takes place during the CanSecWest security conference. Participants are tasked with trying to find vulnerabilities in widely used technology, and rewarded with cash prizes. They are only given a short amount of time to demonstrate their exploits for the crowd and judges. Team Flouroacetate’s attacks on […]

The post Mozilla Firefox, Microsoft Edge succumb in web browser competition at Pwn2Own appeared first on CyberScoop.

Continue reading Mozilla Firefox, Microsoft Edge succumb in web browser competition at Pwn2Own

Apple, Oracle, VMware products successfully hacked at Pwn2Own

Posted on by

The white-hat hacking team of Amat Cama and Richard Zhu, together known as “Flouroacetate,” took home the majority of the prize money available on the first day of this year’s Pwn2Own competition in Vancouver, demonstrating zero-day exploits against Apple’s Safari browser as well as virtualization software from Oracle and VMware. Other winners on Wednesday included “anhdaden,” also known as Phạm Hồng Phi of Singapore-based cybersecurity company STAR Labs, who targeted the Oracle software; and the phoenhex & qwerty team — Bruno Keith, Niklas Baumstark and Luca Todesco — which targeted Safari. Flouracetate won $160,000 total, while anhdaden earned $35,000 and phoenhex & qwerty claimed $45,000 in prize money. Confirmed! @fluoroacetate leveraged a race condition leading to an out-of-bounds write to escalate from a #VMware client to execute code on the host OS. The effort brings them another $70,000 and 7 more Master of Pwn points. Their Day 1 total is $160,000 […]

The post Apple, Oracle, VMware products successfully hacked at Pwn2Own appeared first on CyberScoop.

Continue reading Apple, Oracle, VMware products successfully hacked at Pwn2Own

Bug bounty: Hack Tesla Model 3 to win your own Model 3

Posted on by

By Waqas
Tesla is partnering with Pwn2Own’s bug bounty to identify vulnerabilities in its Model 3 car software. Electric car maker Tesla announced recently that the company is partnering with Pwn2Own hacking contest organizers in order to help th… Continue reading Bug bounty: Hack Tesla Model 3 to win your own Model 3

Hackers beat Firefox and Safari to earn $105K at Pwn2Own

Posted on by

Zero-day exploits earned hackers $105,000 in total on Thursday during the second day of the Pwn2Own contest in Vancouver, British Columbia. Packed into a small basement room, a rapt crowd watched as Richard Zhu successfully hacked Firefox and gained control of the target computer to win $50,000 and clinch the overall victory for the competition. That in addition to his wins Wednesday, when he earned $70,000 successfully targeting Microsoft Edge with an exploit that took him almost a week of work to develop. Zhu, a veteran of the world class Carnegie Mellon University capture the flag (CTF) team as well as previous Pwn2Own competitions, had a particularly memorable run against Microsoft Edge when he debugged his exploit on the fly and on the clock, succeeding on his third and final attempt. It followed a three-strike failure when Zhu opened the contest with an unsuccessful attempt to hack Safari, Apple’s default browser. “I put a lot of work into […]

The post Hackers beat Firefox and Safari to earn $105K at Pwn2Own appeared first on Cyberscoop.

Continue reading Hackers beat Firefox and Safari to earn $105K at Pwn2Own

Hackers Take Down Reader, Safari, Edge, Ubuntu Linux at Pwn2Own 2017

Posted on by

On the first day of Pwn2Own 2017 hackers poked holes in Adobe Reader, Apple Safari, Microsoft Edge, and Ubuntu Linux. Continue reading Hackers Take Down Reader, Safari, Edge, Ubuntu Linux at Pwn2Own 2017