Hackers earn $990k for 63 zero-days exploited at Pwn2Own Toronto

I remember reading somewhere that hardcore foreign teams stopped going to pwn2own once they realized that they were<p>1) effectively disclosing valuable zero days in a dark room 2) to the tagert manufacturer 3) and the pwn2own organizer who happens to be indirectly sponsored by the NSA<p>In exchange for what is pretty much just kudos and pocket change

Interesting that they didn&#x27;t mention in the summary that exploits were found for both a Samsung Galaxy and a Tesla head unit.<p>What type of knowledge do these people have? Networking? File systems? Linux kernels? How do they get started?

Firecracker shows how low overhead VM’s can be. It feels like more of systems should have a harder boundaries, limiting impact of exploits.

Money well spent, just think of the damage these could do if unpatched. These types of events are a great investment for the companies.

Seems like us probably 1&#x2F;100 of what they could have earned on the market

Glad they found those vulns but I imagine one could fetch a lot more on less legitimate markets.

Is this hacking of a phone they have in their hands and connect it to a computer with a wire?

It seems like the name is bit of a misnomer though. Perhaps Pwn2Sell?

Ok, ok, we get it. The Samsung Galaxy is an insecure phone.

Not exactly related, but in my opinion, the quality of software has decreased in recent years. This is not unexpected.