The Synacktiv Frenchies Raid at Pwn2Own Vancouver


The raid is impressive! Synacktiv's security researchers swept the latest edition of the Pwn2Own Vancouver hacking competition, winning more than half of the prize pool at stake, just over a million dollars. With 53 points, the hackers from this French penetration testing specialist left the Canadian west coast with a total of $530,000 and a Tesla Model 3.

According to the specialized newsletter Risky Business, this is the biggest check won by a competitor in this competition, which was launched in 2005. Organized by the Zero Day Initiative, an organization supported by the cybersecurity vendor Trend Micro, the competition aims to ethically unearth hitherto unknown software vulnerabilities, the so-called zero-day flaws.

Successful attacks against Teslas

Most of the points won by Synacktiv relate to flaws discovered in Tesla cars, one of the company's recurring playgrounds. Last year, it had already managed to open the trunk, turn on the headlights and activate the windshield wipers through the infotainment system of a Tesla Model 3.

Despite the patches made by the automaker, Synacktiv researchers have again found a flaw in this software. The precise details of their approach are not known for the moment, which gives Elon Musk's company time to patch its product. We do know, however, that the ethical hackers notably used a heap overflow, a form of buffer overflow in which more data is written to a memory buffer than it can hold, which can allow the execution of malicious code.

Previously, they had already managed to execute a "time-of-check to time-of-use" (TOCTOU) attack, again against a Tesla, a method that can allow the execution of invalid actions. The security researchers also found flaws in the Windows 11, macOS and Ubuntu Desktop operating systems, as well as in the Oracle VirtualBox virtualization software.




