Pwn2Own is one of the world’s premier cybersecurity competitions, where white-hat hackers and security researchers from across the globe compete to discover and exploit zero-day vulnerabilities in popular devices like smartphones, security cameras, office equipment, and widely used business software.

Viettel Cyber Security team wins Master of Pwn at Pwn2Own 2024 in Ireland.

In the 2024 competition, the VCS team discovered and exploited nine zero-day vulnerabilities in products by HP, Canon, Synology, and QNAP Systems, scoring a total of 33 points, nearly double that of the second-place Team Cluck from the United States, which scored 17.25 points. Other top-ranking teams were Midnight Blue from Europe, Neodyme from Germany, and DEVCORE from Taiwan (China), all of which had strong showings in past security contests.

Each discovered vulnerability garnered rewards between USD 20,000 and USD 50,000, with the total prize pool reaching approximately USD 1 million. Viettel’s team earned over USD 200,000 in prize money. The vulnerabilities that the VCS team uncovered will assist manufacturers in enhancing device security, helping protect the privacy and data of individuals and businesses.

Pwn2Own 2024 featured eight categories, with a focus on devices incorporating artificial intelligence (AI). This year’s competition required participants not only to be well-versed in coding but also to understand how AI systems handle, process, and operate on data within these devices. The VCS team achieved successful exploits in such categories as surveillance cameras, smart speakers, printers, network-attached storage (NAS), and small office/home office (SOHO) routers.

The challenge was heightened as most AI-equipped devices are now designed with dynamic protection layers, including machine-learning-based user recognition and anomaly detection systems, which automatically update to detect abnormal behaviors. Consequently, finding vulnerabilities on these devices has become significantly more complex.

The competition was launched by the Zero Day Initiative (ZDI), a program created by Trend Micro in 2005 to promote the discovery and disclosure of previously unknown security vulnerabilities (zero-day), enhancing user protection. Since its inception in 2007, Pwn2Own has provided a platform for security experts to identify and report zero-day vulnerabilities, with ZDI collaborating with software developers to address and resolve these issues to ensure users’ safety and cybersecurity.

Translated by Trung Thanh