Pwn2Own Miami Hackers Make $400,000 Targeting Industrial Systems

pcmag.com:

Pwn2Own Miami has come to a close, and Zero Day Initiative says participants earned more than $400,000 for demonstrating vulnerabilities in popular industrial control systems (ICS).

Zero Day Initiative gives vendors 120 days to address the vulnerabilities reported by Pwn2Own participants before they are shared publicly, so although we have some general information about the flaws, the nature of these zero-days probably won't be revealed until August.

Participants in Pwn2Own Miami 2022 earned between $5,000 and $40,000 for demonstrating 26 unique zero-day vulnerabilities in popular ICS products. Zero Day Initiative says there were some duplicate submissions, too, for which the reporting teams still earned $5,000.

The highest payout went to Sector 7 researchers Daan Keuper and Thijs Alkemade, who "used one of the more interesting bugs we've ever seen at a Pwn2Own to bypass the trusted application check on the OPC Foundation OPC UA .NET Standard," Zero Day Initiative says.

In addition to the $40,000 they earned for that particular vulnerability, Keuper and Alkemade reported three other zero-days during the competition, as well as one flaw that other researchers also discovered. They earned a total of $90,000 for these four vulnerabilities and one duplicate.

The discoveries also earned Keuper and Alkemade a total of 90 points toward the Master of Pwn competition. This put them in the lead, with researchers at Incite Team following with 80 points, and the remaining contestants ending with anywhere from five to 45 points.

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter