Pwn2Own Hacking Event Expands to Industrial Control Systems

The Pwn2Own hacking competition that will take place in Miami South Beach in January 2020 will also include popular Industrial Control Systems (ICS) protocols and software for the first time.

This year, as part of the 2019 contest that took place in Vancouver, ethical hacking teams also had the chance to hack their way into a Tesla Model 3’s Chromium-based infotainment system in the newly introduced automotive category.

“In 2018, the ZDI purchased 224% more zero-day vulnerabilities in ICS software compared to the previous year. This growth is sustaining in 2019 so far, which proves the increasing need to identify vulnerabilities and harden these systems before they are exploited,” adds Trend Micro.

Focused on ICS vulnerabilities

While Trend Micro’s Zero-Day Initiative (ZDI) previously updated the contest with new categories, next year’s Pwn2Own competition will focus only on ICS software as part of its effort to follow new emerging threat trends.

Thus, the Pwn2Own Miami South Beach will have the following five categories:

• Control Server
• OPC Unified Architecture (OPC UA) Server
• DNP3 Gateway
• Human Machine Interface (HMI) / Operator Workstation
• Engineering Workstation Software (EWS)

“As IT and OT converge under Industry 4.0 and digital transformation initiatives, security gaps are emerging that can be exploited to sabotage key production processes and steal sensitive intellectual property,” Trend Micro senior director of vulnerability research Brian Gorenc said.

“By expanding our long-running Pwn2Own competition, we hope to raise awareness about the importance of protecting these environments and provide actionable insight for ICS vendors and customers to help improve their security.”

While new vulnerabilities will be discovered and exploited during the Pwn2Own 2020 contest, the ZDI will be work with ICS vendors to responsibly disclose all security issues found in their software to encourage timely patch releases.

Eight targets and over $250,000 in cash prizes

The table below shows the ICS products that will be targeted by the hacker teams that will register for next year’s Pwn2Own, together with the cash prizes they can earn.

TargetPayloadCash PrizeMaster of Pwn Points
Iconics Genesis64Unauthenticated Crash or Denial-of-Service$5,000 (USD)5
Information Disclosure$10,000 (USD)10
Remote Code Execution$20,000 (USD)20
Inductive Automation IgnitionUnauthenticated Crash or Denial-of-Service$5,000 (USD)5
Information Disclosure$10,000 (USD)10
Remote Code Execution$20,000 (USD)20
Unified Automation
ANSI C Demo Server
Unauthenticated Crash or Denial-of-Service$5,000 (USD)5
Information Disclosure$10,000 (USD)10
Remote Code Execution$20,000 (USD)20
OPC Foundation
OPC UA .NET Standard
Unauthenticated Crash or Denial-of-Service$5,000 (USD)5
Information Disclosure$10,000 (USD)10
Remote Code Execution$20,000 (USD)20
Triangle Microworks SCADA Data GatewayUnauthenticated Crash or Denial-of-Service$5,000 (USD)5
Information Disclosure$10,000 (USD)10
Remote Code Execution$20,000 (USD)20
Rockwell Automation
FactoryTalk View SE
Unauthenticated Crash or Denial-of-Service$5,000 (USD)5
Information Disclosure$10,000 (USD)10
Remote Code Execution$20,000 (USD)20
Schneider Electric EcoStruxure Operator Terminal ExpertRemote Code Execution$20,000 (USD)20
Rockwell Automation
Studio 5000
Remote Code Execution$20,000 (USD)20

Next year’s Pwn2Own hacking contest will take place at the S4 conference in Miami South Beach between January 21 and 23, and it will run across five ICS software categories with cash payouts for all successful entries, as well as more than $250,000 in cash prizes.

“Being in ICS security for 20+ years, I have worked closely with vendors and the security community to protect the critical assets that live within industrial systems and vulnerabilities are an ongoing part of this work,” S4 Events founder and program chair Dale Peterson said.

“Finding and patching bugs in these platforms isn’t easy. I’m excited to have the ZDI pointing their skilled community toward these targets at Pwn2Own Miami, to help expose these flaws so they can be properly addressed.”

By Sergiu Gatlan