In the 2019 Pwn2Own hacking contest, two researchers have been crowned as the top hackers after developing and testing several major league tech exploits including Amazon Echo. Members of Team Fuluoroacetate, Amat Cama and Richard Zhu, won $60,000 in a bug bounty program for discovering a security exploit in the Alexa powered smart display “Amazon Echo Show 5.”
The latest Amazon Echo Show 5 uses an older version of Chromium (Google’s open-source browser) which had been forked during its development phase. Researchers used this vulnerability to introduce a bug into the system and retain “full control” of the device by connecting it to a malicious Wi-Fi hotspot.
“This patch gap was a common factor in many of the IoT devices compromised during the contest,” stated Brian Gorenc, director of Trend Micro’s Zero Day Initiative, which conducts the Pwn2Own contest.
The research was conducted in a radio-frequency free arena in order to prevent any unwanted interference from the outside.
Amazon responded to the issue by stating that its “investigating this research and will be taking appropriate steps to protect our devices based on our investigation,” but was unclear on how they’ll be dealing with the vulnerability or when.
Several other internet-connected devices were present in the contest like Facebook’s portal but researchers were unable to find any vulnerability in the video calling-enabled smart display which was unveiled in September.