Amazon, Sony, Xiaomi, Samsung Devices Successfully Hacked at Pwn2Own Tokyo 2019

White hat hackers also managed to crack TP-Link and Netgear routers.

Share on Facebook Tweet Share Reddit Comment
Amazon, Sony, Xiaomi, Samsung Devices Successfully Hacked at Pwn2Own Tokyo 2019

Photo Credit: The ZDI

Hacker duo Amat Cama and Richard Zhu who go by the name Fluoroacetate had the most success

Highlights
  • Hackers managed to steal a photo off Xiaomi Mi 9 and Samsung Galaxy S10
  • Hacker duo Fluoroacetate won the most money on day 1
  • Samsung Q60 and Sony X800G TVs were also hacked

A number of popular devices from the likes of Amazon, Netgear, Sony, Samsung, TP-Link, and Xiaomi were hacked by various white hat hacker teams as part of the Pwn2Own Tokyo 2019 competition. The organisers of the event will be sharing the details of the hacks with the respective companies to release the patched versions of their devices in the future. The hackers managed to crack Amazon Echo Show 5 smart speaker, Samsung Q60 TV, Sony X800G TV, Netgear Nighthawk Smart Wi-Fi Router R6700, and TP-Link AC1750 Smart Wi-Fi router, apart from the Samsung Galaxy S10 and Xiaomi Mi 9 smartphones on the first day of the competition, as well as part of the second day.

Hacker duo Amat Cama and Richard Zhu who go by the name Fluoroacetate had the most success and they were able to crack five devices. The duo exploited Sony X800G, the first television in Pwn2Own history, using a JavaScript out-of-bounds (OOB) Read, whereas they compromised an Amazon Echo Show 5 using an integer overflow in JavaScript.

Fluoroacetate were able to hack Samsung Q60 television as well using integer overflow in JavaScript. The team also saw success with the Xiaomi Mi 9, on which they used a JavaScript bug to extract a picture from the phone. Amat Cama and Richard Zhu managed to grab a picture off the Samsung Galaxy S10 by going through the phone's NFC module. The duo was also able to push a file on the phone using a stack overflow. Lastly, the team managed to crack Netgear Nighthawk Smart Wi-Fi Router R6700 (LAN interface). For these exploits, the Fluoroacetate team won over $195,000 (roughly Rs. 1.4 crores).

Another team, Pedro Ribeiro and Radek Domanski who call themselves Flashback targeted the LAN and WAN interfaces of the TP-Link AC1750 Smart Wi-Fi router and were successful. They also succeeded in cracking both LAN and WAN interfaces of Netgear Nighthawk Smart Wi-Fi Router R6700.

Most of these devices were hacked on the first day, and the second day is still going on and we are likely to see more exploits of some of the already existing devices and more. We will update this space as and when the day two ends.

As mentioned, the Pwn2Own Tokyo 2019 team will share these exploits with the respective companies to get them fixed.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

Gaurav Shukla Paranoid about online surveillance, Gaurav believes an artificial general intelligence is one day going to take over the world, or maybe not. He is a big ‘Person of Interest’ fan. More
HP Confirms It Has Held Talks With Xerox Over 'Business Combination'
Valve May Be Working on Steam Cloud Game Streaming Service to Rival Google Stadia, Microsoft Project xCloud
 
 

Advertisement

 

Advertisement

© Copyright Red Pixels Ventures Limited 2019. All rights reserved.