Pwn2Own Tokyo 2019 – Day One Results
November 06, 2019 | Dustin Childs
The first day of Pwn2Own Tokyo 2019 has come to a close, and some amazing research was demonstrated throughout the day. In total, we awarded $195,000 for 12 bugs. The day saw nine successful attempts against seven targets in five categories.
Next up, Pwn2Own newcomers Pedro Ribeiro and Radek Domanski of Team Flashback targeted the LAN interface of the NETGEAR Nighthawk Smart WiFi Router (R6700). The Router category is new for this year’s event, and several entrants decided to test their skills against the ubiquitous devices. Pedro and Radek had no problems leading the way by using a stack-based buffer overflow to get a shell on the router. Their first foray into the Pwn2Own world earned them $5,000 and .5 Master of Pwn points.
Next, the Flashback duo of Pedro Ribeiro and Radek Domanski targeted the WAN interface of the NETGEAR Nighthawk Smart WiFi Router (R6700) in the Router category. Although the attempt took some time due to the device starting up, they were able to remotely modify the router's firmware such that their payload persisted across a factory reset. That’s pretty much the definition of persistence. They earned $20,000 and 1 more Master of Pwn point for their successful demonstration.
In their final attempt of the day, Pedro Ribeiro and Radek Domanski targeted the LAN interface of the TP-Link AC1750 Smart WiFi router. They used a total of three different bugs – starting with a command injection vulnerability – to get their code executed on the target. They earned themselves another $5,000 and .5 Master of Pwn points. That brings their total winnings on the first day of their first Pwn2Own to $30,000. Not a bad first day.
The team from F-Secure Labs – Mark Barnes, Toby Drew, Max Van Amerongen, and James Loureiro – were up next, also targeting the TP-Link AC1750 Smart WiFi router. Although they had a successful demonstration (complete with synchronized lights on the router), the exploit used some of the same bugs as a previous contestant. It still qualified as a partial win, but no Master of Pwn points were awarded. It was still a great demonstration – especially the “Vegas lights” on the router.
The final event of the day saw the F-Secure Labs crew return to target the Xiaomi Mi9 handset in the Web Browser category. They had a partial success. Their demonstration was successful thanks to a couple of chained logic bugs. However, one of the bugs was known to the vendor. That makes it a partial win, but the team still receives $20,000 and 2 Master of Pwn points.
That wraps up the first day of Pwn2Own Tokyo 2019. We’ve seen some exciting research and set quite a few “firsts” for our contest: first television, first router, and first home automation. Tomorrow looks to be just as exciting, with both baseband attempts occurring first thing in the morning. As with today, we’ll be live updating the blog with results as they occur.
Stay tuned to our Twitter feed and this blog for tomorrow's results as we wrap up Pwn2Own Tokyo 2019.