At the Pwn2Own competition in Tokyo, participants hacked numerous devices via unknown vulnerabilities. Among others, the Amazon Echo, smart TVs from Samsung and Sony, the Xiaomi Mi 9, the Samsung Galaxy S10 and various routers fell prey.
Team Flashback’s newcomers focused on a Netgear Nighthawk R6700 on the first day, which they managed to invade via a buffer overflow and also managed to adjust the router’s firmware via the WAN interface so that they could use their payload. permanently on the device.
The competition’s third team, F-Secure Labs, targeted an NFC component of the Xiaomi Mi 9. Using a specially crafted NFC tag, the team exploited a cross-site scripting bug in the component to extract an image from the device.
Pwn2Own is a twice-yearly hacker competition hosted by Trend Micro’s Zero Day Initiative. The aim is to uncover as many unknown vulnerabilities as possible.