Pwn2Own Pays Out Almost $1m To Ethical Hackers

Pwn2Own paid out almost $1 million to bug hunters at last week’s consumer product hacking event in Toronto, but the prize money wasn’t big enough to attract attempts at cracking the iPhone or Google Pixel because miscreants can score far more from less wholesome sources.

“We were offering our top award for those,” said Dustin Childs, head of threat awareness at Trend Micro’s Zero Day Initiative (ZDI). 

The contest planned to give away $250,000 for a successful iPhone or Google Pixel exploit, he told The Register in an exclusive interview at the end of the four-day event. “And that’s just simply not enough zeros for the level of research that it takes to get those phones,” Childs said.

“We talk to people across different sectors as far as the bug economy goes, and some of the things that we’ve heard is to get a zero-click iPhone exploit, the price can go up to $15 million.”

Meanwhile, four teams did attempt Samsung Galaxy exploits, and three were successful, winning $50,000 as the top prize for hacking the Korean giant’s flagship smartphones. Those, too, could sell for a lot more on the criminal marketplaces. “That’s probably at least $2 million to $3 million right there,” Childs said.  

The Register does not suggest security researchers should sell zero-days for millions of dollars instead of disclosing them to vendors that, hopefully, will fix the holes and use this information to make their products more secure. But the fact that there’s a ton of

