Nov 11 — Two security researchers won the title of “top hacker” for discovering vulnerabilities in Amazon Echo and Samsung’s Galaxy S10 in this year’s Pwn2Own hacking contest in Tokyo, Japan, foreign media reported.
Pictured: Team Fluoracetate by Amat Cama (left) and Richard Zhu
Amat Cama and Richard Zhu, who formed the so-called Team Fluoroacetate, discovered vulnerabilities in the latest Amazon Echo Show 5, an Alexa-based smart display. A $60,000 bonus was awarded for this.
Two researchers found that the device used an older version of Google’s open-source browser project Chromium, and that newly discovered vulnerabilities allowed them to “fully control” the device when it connected to a malicious Wi-Fi hotspot. The researchers tested their findings in the RF shielding enclosure to prevent any external interference.
Amazon has said it is “investigating the study” and will take action to fix the vulnerability if necessary, but it has no timetable for fixing the vulnerability.
Meanwhile, Kama and Richard took advantage of a vulnerability in Java Script to get photos of the Samsung Galaxy S10, for which they won a $30,000 prize. They received a total of $195,000 in bonuses after testing vulnerabilities on Samsung’s TVs and Xiaomi laptops.
Companies that provide these devices now have 90 days to fix the vulnerability through software updates before releasing details to the public.
Hosted by Zero Day Initiative, the Pwn2Own event invites “white hat” hackers to find previously unknown vulnerabilities in the products of large technology companies and can be paid a high price.
For the third year in a row, Team Fluoroacetate has been awarded the top title, “Master Pwn”.
Earlier this year, Kama and Richard were awarded $375,000 for discovering a vulnerability in Tesla’s Model 3 software. Tesla quickly fixed the problem with a wireless upgrade.