Work from Home Pwn2Own Hackers Make $130,000 in 48 Hours from Windows 10 Exploits
upstart writes in with an IRC submission for SoyCow420:
Work From Home Hackers Make $130,000 In 48 Hours From Windows 10 Exploits:
Those of you who follow my reporting may already be familiar with Pwn2Own, a series of hacking events that test some of the most talented hackers across the world. These elite security researchers have been trying to exploit popular software, hardware and services since 2007 in exchange for the kudos. And money. Lots of money. In November 2019, during the Pwn2Own Tokyo event, a total of $315,000 (270,300), including one hacking group which earned $80,000 (68,500) for hacking the Samsung Galaxy S10. Twice. That hacking group was Team Fluoroacetate, Amat Cama and Richard Zhu, who ended up earning a total of $195,000 (167,000) and the coveted "Master of Pwn" title by the time the event was over. It looked like these master hackers wouldn't be able to defend that title as coronavirus travel restrictions, and fear of infection, threatened to cancel the Pwn2Own 2020 event taking place at the CanSecWest cybersecurity conference in Vancouver, Canada.
They need not have worried, as the event went virtual for the first time. This involved the various hackers submitting exploits in advance to the Pwn2Own organizers, who then ran that code during a Zoom live stream involving all the participants. The Zero Day Initiative that runs the Pwn2Own event said: "The world right now is a tumultuous place full of uncertainty. It is communities, such as the security research community and the incident response community, that we can rely on during these trying times. We are so appreciative of all those who helped the event come together and succeed."
The work from home hackers from Team Fluoroacetate certainly succeeded, winning the Master of Pwn title once again, along with that $130,000 bounty. While the full details of how they exploited Windows 10 and Adobe Reader will not be made public for 90 days to allow the vendors to produce security patches, I can tell you what they did in broad terms.
For the curious, here is Wikipedia's entry on sodium fluoroacetate, a poisonous substance with no known antidote.
Read more of this story at SoylentNews.