HP LaserJet Pwned By Hackers Gets Turned Into An AC/DC Cranking Boombox
These "white hat" hackers hunt for security holes and application exploits, then report them to vendors to claim bug bounties, but some vendors are either unwilling to pay for such services or are simply difficult to contact. Back in 2005, Trend Micro set up the Zero Day Initiative for exactly that reason. It's a group that works with security researchers to identify "zero-day" vulnerabilities in tech products and then act as an intermediary with the vendors to see them fixed.
The Zero Day Initiative sponsors multiple yearly events called Pwn2Own, where hackers gather to make time-limited attempts to exploit specific products. This year's event in Austin was the largest-ever, with 58 total entries from 22 different security teams. Contestants have 30 minutes to deploy their exploit and gain unapproved privileges, remote code execution, or other unauthorized access to their targets.
(Sound On) Confirmed! The team from @FSecureLabs used a stack-based buffer overflow to take over an HP LaserJet and turn it into a jukebox. Their efforts earn them $20,000 and 2 Master of Pwn points. #Pwn2Own https://t.co/3kqn5Cr7Y4— Zero Day Initiative (@thezdi) November 4, 2021
Not to worry, though; the ZDI doesn't disclose or publish the exploits used. Instead, it will contact the vendors and make sure these holes are closed up as soon as possible. The contestants took home a total of $886,250 among them, with French security team Synacktiv claiming the "Masters of Pwn" trophy this year by earning some $197,500 and fully 20 points in the competition.