Sunday, September 24, 2023

Amazon, Sony, Xiaomi, Samsung Devices Successfully Hacked at Pwn2Own Tokyo 2019


A number of popular devices from the likes of Amazon, Netgear, Sony, Samsung, TP-Link, and Xiaomi were hacked by various white hat hacker teams as part of the Pwn2Own Tokyo 2019 competition. The organisers of the event will be sharing the details of the hacks with the respective companies to release the patched versions of their devices in the future. The hackers managed to crack Amazon Echo Show 5 smart speaker, Samsung Q60 TV, Sony X800G TV, Netgear Nighthawk Smart Wi-Fi Router R6700, and TP-Link AC1750 Smart Wi-Fi router, apart from the Samsung Galaxy S10 and Xiaomi Mi 9 smartphones on the first day of the competition, as well as part of the second day.

Hacker duo Amat Cama and Richard Zhu who go by the name Fluoroacetate had the most success and they were able to crack five devices. The duo exploited Sony X800G, the first television in Pwn2Own history, using a JavaScript out-of-bounds (OOB) Read, whereas they compromised an Amazon Echo Show 5 using an integer overflow in JavaScript.

Fluoroacetate were able to hack Samsung Q60 television as well using integer overflow in JavaScript. The team also saw success with the Xiaomi Mi 9, on which they used a JavaScript bug to extract a picture from the phone. Amat Cama and Richard Zhu managed to grab a picture off the Samsung Galaxy S10 by going through the phone’s NFC module. The duo was also able to push a file on the phone using a stack overflow. Lastly, the team managed to crack Netgear Nighthawk Smart Wi-Fi Router R6700 (LAN interface). For these exploits, the Fluoroacetate team won over $195,000 (roughly Rs. 1.4 crores).

Another team, Pedro Ribeiro and Radek Domanski who call themselves Flashback targeted the LAN and WAN interfaces of the TP-Link AC1750 Smart Wi-Fi router and were successful. They also succeeded in cracking both LAN and WAN interfaces of Netgear Nighthawk Smart Wi-Fi Router R6700.

Most of these devices were hacked on the first day, and the second day is still going on and we are likely to see more exploits of some of the already existing devices and more. We will update this space as and when the day two ends.

As mentioned, the Pwn2Own Tokyo 2019 team will share these exploits with the respective companies to get them fixed.

Source link


Please enter your comment!
Please enter your name here


Related Stories