White hat hackers have managed to compromise Windows 11 three times in a single day during a recently held hacking contest, raising questions on the software's security.
The first contestant was nghiadt12 from Viettel Cyber Security, who abused a Windows 11 escalation of privilege exploit, via Integer Overflow. The second and the third ones were Bruno Pujos and vnhthp1712 from REverse Tactics, who used Use-After-Free and Improper Access Control vulnerabilities to escalate privileges on the target endpoint.
Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.
Hacking a car
Besides three successful attempts, there was also an unsuccessful attempt by Team DoubleDragon, which failed to demo the exploit within the deadline.
Ubuntu Desktop was also successfully hacked once, by STAR Labs' Billy Jheng Bing-Jhong it was added. Use-After-Free exploit was used in this attack, as well.
Since 2019, the competition has added a brand new category - automotive infotainment systems. This year, such a system in the Tesla 3 car was hacked. According to the media, a group called Sznactiv demonstrated a sandbox escape exploit in the infotainment system, allowing the attacker to assume control over the built-in computing device.
The group was awarded $75,000 for the bug, but said that it could also be used to launch stage-two attacks with malware that could be a lot more destructive, and could even allow for full device takeover. Completely hacking a Tesla Model 3 earns the participant $600,000 and the car itself, Kurritu.org reported.
More than a million dollars was paid out in rewards for the successful hacks, with vendors now having 90 days to fix the issues. Should they fail to meet the deadline, Trend Micro’s Zero Day Initiative will publicly disclose the flaws.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.