
White Hat Hackers Earn $500,000 On First Day of Pwn2Own Ireland 2024 (securityweek.com)

An anonymous reader quotes a report from SecurityWeek.com: White hat hackers taking part in the Pwn2Own Ireland 2024 contest organized by Trend Micro's Zero Day Initiative (ZDI) have earned half a million dollars on the first day of the event, for exploits targeting NAS devices, cameras, printers and smart speakers. The highest single reward, $100,000, was earned by Sina Kheirkhah of Summoning Team, who chained a total of nine vulnerabilities for an attack that went from a QNAP QHora-322 router to a TrueNAS Mini X storage device. Another exploit chain involving the QNAP QHora-322 and TrueNAS Mini X products was demonstrated by Viettel Cyber Security, but this team earned only $50,000.

A significant reward was also earned by Jack Dates of RET2 Systems, who received $60,000 for hacking a Sonos Era 300 smart speaker. QNAP TS-464 and Synology DiskStation DS1823XS+ NAS device exploits earned $40,000 each for two different teams. Participants also successfully demonstrated exploits against the Lorex 2K WiFi, Ubiquiti AI Bullet, and Synology TC500 cameras, and HP Color LaserJet Pro MFP 3301fdw and Canon imageCLASS MF656Cdw printers. These attempts earned the hackers between $11,000 and $30,000. According to ZDI, a total of $516,250 was paid out on the first day of Pwn2Own Ireland for over 50 unique vulnerabilities.

  • by sinkskinkshrieks ( 6952954 ) on Thursday October 24, 2024 @12:40AM (#64889427)
    iX Systems or Zerodium.
    • by AmiMoJo ( 196126 )

      It's a good question: Why aren't these companies hiring these people as a matter of routine product testing?

      I guess customer security and avoiding embarrassment aren't worth the cost.

      • Bug Bounty is the independent contractor, i.e., gig work, of cyber security. Why pay six figures including benefits to a handful of people every year, when you can have hundreds/thousands of people testing your stuff for free and only having to shell out intermittent lump sums?

        I'm honestly disappointed that 'hackers' participate in bug bounties. The programs and platforms do just about everything they can to not pay you. If you don't have some celebrity about you, you pretty much still have to tiptoe around
