Pwn2Own Tokyo 2018 is a hacking contest held alongside the PacSec security conference in Tokyo, Japan. On the first day of Pwn2Own, the Apple iPhone X, Samsung Galaxy S9 and Xiaomi Mi 6 were successfully hacked for rewards by different teams.
Xiaomi Mi 6 Hacked
A two-person team, Amat Cama and Richard Zhu, competing as “Fluoroacetate”, first hacked the Xiaomi Mi 6 with an NFC exploit. The Zero Day Initiative (ZDI), the organizer of the event, said that Fluoroacetate used an out-of-bounds write bug affecting WebAssembly to achieve code execution through NFC. The team was awarded $30,000 for the research.
Samsung Galaxy S9 Hacked
The MWR Labs team also attempted exploits on the Android flagship Samsung Galaxy S9. It took them two attempts to demonstrate an exploit on the device. The researchers attacked a captive portal on the Galaxy S9 with no user interaction, then used unsafe redirect and unsafe application loading bugs to execute code on the device. The white hats earned another $30,000 for the exploit.
Apple iPhone X Hacked
Fluoroacetate also successfully exploited the Samsung Galaxy S9. The researchers used an overflow in the Galaxy S9’s baseband component and earned $50,000.
The team then targeted an iPhone X and successfully hacked the device over Wi-Fi using a Just-In-Time (JIT) bug and an out-of-bounds write flaw, which earned them $60,000.
The Annual Pwn2Own Event
The total prize money earned by Pwn2Own Tokyo 2018 participants on the first day of the event was $225,000. On the second day, MWR Labs and Fluoroacetate will make several more attempts to hack the Apple iPhone X and Xiaomi Mi 6. The competition will also cover IoT devices including Amazon Echo, Apple Watch, Amazon Cloud Cam, Google Home, and Nest Cam IQ Indoor. The prizes range from $40,000 to $60,000 for these devices. However, no exploit will be presented. Devices not included in this year’s event are the Google Pixel 2 and Huawei P20.
Notably, last year participants earned more than half a million at Mobile Pwn2Own when they took on the Galaxy S8, Huawei Mate 9 Pro, and iPhone 7.