Pwn2Own Miami: hackers earn $400,000 by cracking ICS platforms


The insecurity of industrial control laid bare during the competition

The second edition of Pwn2Own Miami launched dozens of previously unknown exploits on industrial control systems, earning security researchers $400,000 in payouts in the process.

Pwn2Own Miami followed a similar format to more established Trend Micro’s Zero Day Initiative hacking contests, but with a different focus on industrial control systems (ICS) rather than computers or mobile devices.

At the end of the three-day event, Daan Keuper (@daankeuper) and Thijs Alkemade (@xnyhps) of the team IT Sector 7 were crowned Master of Pwn with 90 points and $90,000.

Other researchers and bug bounty hunters successfully demonstrated previously unknown zero-day vulnerabilities in industrial control platforms at the event, which organizers hailed as an unqualified success.

Dustin Childs, communications manager for Trend Micro’s ZDI program, said The daily sip: “This year’s competition was three days of great research highlighted. We awarded $400,000 for 26 unique achievements.

“Our inaugural competition awarded $280,000, so it was great to see the competition grow – especially after being delayed due to the pandemic.”

Keep up to date with the latest Internet of Things (IoT) security news

A variety of clever and subtle attacks against industrial control systems were developed and showcased during the event.

On the web security front, Sam Thomas, research director at UK security consultancy Pentest, was straight out of the rap on day one by demonstrating an authentication bypass and deserialization bug to get the execution of code on the Inductive Automation Ignition SCADA control software platform. .

The contest was a worthwhile exercise for the participants, according to Thomas.

Thomas Told The daily sip: “Like always [it was] a fun contest with interesting goals. [ I was] lucky to be fired first, but it looks like there aren’t many duplicates on that particular target, which is interesting to see hopefully [I will] possibility of finding something else for next year.

Other researchers separated out a variety of other platforms, as detailed in a comprehensive recap of the contest hosted by ZDI.

DO NOT MISS Hack Me, I’m Famous: Bug Bounty hackathon nets security researcher €10,000 overnight

Childs said, “One of the highlights was the Computest team’s bypass of trusted application verification in the OPC Foundation OPC UA .NET standard. Not only does the bug have a wide impact, but it’s one of the best submissions we’ve ever seen at a Pwn2Own event.

“Others that stood out were the buffer overflow used by Claroty Research against Kepware KEPServerEx and the double release bug used by Axel ‘0vercl0k’ Souchet against Iconincs Genesis64,” they added.

More editions of the ICS-focused edition of Pwn2Own’s larger roster are in the works. Trend Micro ZDI said The daily sip that he wanted to build momentum behind the event by persuading more industrial control system vendors to become more closely involved.

“We’ve seen some amazing exploits, and I know vendors are already working hard to develop fixes for bugs that we’ve disclosed to them,” Childs said.

“We are pleased with the growth we have seen this year and would like it to continue. Ideally, we can partner with more vendors within the ICS/SCADA community to ensure we have the right targets and provide them with the best possible bugs to fix before they are exploited by malicious actors.

RELATED Pwn2Own Miami: Hackers Win $250,000 in Prizes in Inaugural ICS Security Contest


Comments are closed.