Exploitation of new vulnerabilities demonstrated at the Pwn2Own competition in Toronto

The results of the four days of the Pwn2Own Toronto 2023 competition have been summarised: 58 previously unknown (0-day) vulnerabilities in mobile devices, printers, smart speakers, storage systems and routers were demonstrated. The attacks were carried out against the latest firmware and operating systems with all available updates installed and the default configuration.

The total prize money paid out exceeded 1 million US dollars ($1038500). The most successful team, Team Viettel, earned $180 thousand in the competition. The second-place finishers (Team Orca) received $116,250, and the third-place finishers (DEVCORE) received $50 thousand.


During the competition, attacks were demonstrated that led to remote code execution on the following devices:

  • TP-Link Omada Gigabit Router ($100000 and $31250 for a hack in combination with the Lexmark CX331adwe printer; $50000 for a hack in combination with the QNAP TS-464 network storage; $40750 for a hack in combination with the Synology BC500 camera; $50000 and $31250 for a hack in combination with the Canon imageCLASS MF753Cdw printer).
  • Synology RT6600ax router ($50000 for a hack in combination with the QNAP TS-464 network storage).
  • Samsung Galaxy S23 smartphone ($50000 and three bonuses of $25000 for hacks via vulnerabilities caused by insufficient validation of external data; $6250 for using an already known exploit).
  • Xiaomi 13 Pro smartphone ($40000 and $20000).
  • Synology BC500 CCTV camera ($30000 for a hack via a buffer overflow vulnerability; $15000 for an exploit involving three vulnerabilities; five prizes of $3750 each for using already known exploits).
  • Wyze Cam v3 security camera ($30000 for a command injection exploit; $15000 for a buffer overflow exploit; $15000 for an exploit involving two vulnerabilities; $15000 for a buffer overflow exploit in the kernel wireless driver; $3750 for an exploit).
  • WD My Cloud Pro PR4100 network storage ($40000 for an exploit involving two vulnerabilities).
  • QNAP TS-464 network storage ($40000 for an exploit involving three vulnerabilities; $20000 for an exploit involving two vulnerabilities; $20000 for an exploit involving base path manipulation and command injection vulnerabilities; $12500 for an already known exploit).
  • Canon imageCLASS MF753Cdw printer ($20000 and three bonuses of $10000 for hacks via a buffer overflow vulnerability; $2500 and $2500 for using an already known exploit).
  • Lexmark CX331adwe printer ($20000 for a memory corruption exploit; $10000 for a buffer overflow exploit).
  • HP Color LaserJet Pro MFP 4301fdw printer ($20000 for a hack via a buffer overflow vulnerability).
  • Sonos Era 100 wireless speaker ($60000 for an exploit using two vulnerabilities, an out-of-bounds buffer read and a use-after-free memory access; $30000 and $18750 for hacks via a vulnerability caused by a buffer overflow).

In addition to the successful attacks listed above, 7 attempts to exploit vulnerabilities ended in failure (three attempts to hack the Canon imageCLASS MF753Cdw printer, two attempts on the Lexmark CX331adwe and two attempts on the Xiaomi 13 Pro).

Specific details of the problems have not yet been disclosed. In accordance with the competition terms, detailed information about all demonstrated 0-day vulnerabilities will be published only after 90 days, a period given to the manufacturers to prepare updates that fix the vulnerabilities.

Source: opennet.ru
