Routers, NAS and phones hacked in Pwn2Own competition

Security researchers gathered in Austin, Texas, this week for yet another Pwn2Own hacking competition, racking up more than $1 million in rewards for their exploit demonstrations.

The latest edition of the iconic hacking contest has seen a specific focus on network-attached storage (NAS) boxes as well as routers, with mobile phones and printers also on the menu.

Among the more popular targets at the competition was the Cisco RV340 router, which was subjected to nine successful or “collision” attacks that used previously known flaws, with one more attempt failing to execute. Researchers were able to break into the networking appliance using both known and unknown security vulnerabilities.

Also popular with hacker contestants was the Western Digital My Cloud Pro Series PR4100 NAS box. The storage device was the subject of nine successful or collision hacks.

Topping the contest was the team from security firm Synactiv, who managed to rack up $197,500 in payouts and 20 “Master of Pwn” points.

Second in the rankings was the Devcore trio of researchers Orange Tsai, Angelboy and Meh Chang, who showed off six successful attacks and claimed a total of $180,000.

The achievement continued a busy year for Orange Tsai in particular. In late 2020, they discovered and reported the ProxyLogon flaws in Microsoft Exchange Server, which were exploited by nation-state hackers prior to being patched. In August, the researcher took to the stage at Black Hat 2021 to discuss their discovery of ProxyShell Exchange bugs, which had been disclosed and patched in April.

Printers were also targeted in the event. Ten different entries were launched against either the Canon ImageCLASS MF644Cdw or Lexmark MC3224i. The ZDI noted that when researchers from Synactiv demonstrated a heap overflow attack against the MF644Cdw, it marked the first successful printer hack in the competition’s history.

The contest ended on Friday with researchers from NullRiver successfully exploiting two flaws in the Netgear R6700v3 router. The ZDI says that it paid out $1,081,250 in rewards over the four-day competition and received 60 new zero-day vulnerabilities.

Not every device put in the crosshairs has been successfully…