Pwn2Tokyo, the annual hacking contest has wrapped up its first day and last year flagship devices like Samsung Galaxy S9, iPhone X and Xiaomi Mi 6 have already been hacked, earning hackers a bounty of more than half a million dollars.
According to Zero Day Initiative, of the organizers of the event — “Fluoroacetate” team (Amat Cama and Richard Zhu) was the first to exploit Xiaomi Mi 6 with the help of device NFC.
They used the touch-to-connect feature to force open up their specially crafted web page, on the device browser. Following which they leveraged an out-of-bounds write bug affecting WebAssembly to achieve code execution. The researchers earned $30,000 for this hack.
The same team was able to exploit Samsung Galaxy S9 which involved a heap overflow in the device’s baseband component. This hack fetched them a sum of $50,000. Fluoroacetate was also able to hack iPhone X via Wifi using a Just-In-Time (JIT) bug, and an out-of-bounds write flaw, which grabbed another $60,000.
This was only one day of the Pawn2Tokyo; more hacks will be coming soon enough. Last year, devices like Samsung Galaxy S8, Huawei Mate 9 Pro and iPhone 7 were hacked many times, for which hackers received a cash price of $500,000.