Hackers from ‘security researchers’ win $800,000 in prizes for exploiting Windows 11 and Teams

Participants in a hacking contest raised more than $800,000 in prize money after finding exploits in Windows 11, Microsoft Teams and other enterprise software on day one. During this 15th edition Pwn2Own Vancouver competition, teams discovered 16 zero-day bugs in various products like Firefox, Oracle Virtualbox, Windows 11 and other popular enterprise software.

Pwn2Own Vancouver 2022 is a three-day hacking competition sponsored by Microsoft, Zoom and other major tech companies. Teams of hackers or ‘security researchers’ try to find zero-day vulnerabilities in your software to win cash prizes.

Think of it like bug bounties, except with more money and praise. A day zero is a software exploit or vulnerability that an attacker can discover, one that software manufacturers are not yet aware of; there is no patch, and the attack will likely succeed. Known bugs or exploits are not valid for rewards.

Currently, eight teams have claimed at least $40K in prizes, with STAR Labs leading the way with $230K and 23 Master of Pwn points. The terminology might be a little worn out, but at least the hackers seem to be having fun flaunting countless exploits in Microsoft Teams that are making a lot of money.

On day 2, teams will shift focus from enterprise software to automobiles. Tesla is offering over $1,000,000 in cash and prizes, including a Telsa Model 3 and a Model S to any team that can hack a Tesla.

The current reward for hacking one of these high-tech electric cars is $600,000 plus the car itself. Hackers will attempt to exploit zero-days in the Tesla Model 3’s infotainment system, recently discovered as the center of an overheating issue that resulted in a recall of more than 130 thousand cars.

Once the contest comes to an end, participating vendors have 90 days to provide fixes for all vulnerabilities disclosed during the event. You can follow Pwn2own on Zero Day Initiative Twitter account.

Leave a Comment