"I'm interested in all kinds of astronomy."

We have another collision. The DEVCORE Research Team (@d3vc0r3) successfully exploited the Lorex 2K camera, but they used a bug previously seen in the contest. They still earn $3,750 and 1.5 Master of Pwn points.


I thought I understood the extent to which the broad availability of mobile location data has exacerbated countless privacy and security challenges. That is, until I was invited along with four other publications to be a virtual observer in a 2-week test run of Babel Street, a service that lets users draw a digital polygon around nearly any location on a map of the world, and view a time-lapse history of the mobile devices seen coming in and out of the area.

The issue isn't that there's some dodgy company offering this as a poorly-vetted service: It's that *anyone* willing to spend a little money can now build this capability themselves.

I'll be updating this story with links to reporting from other publications also invited, including 404 Media, Haaretz, NOTUS, and The New York Times. All of these stories will make clear that mobile location data is set to massively complicate several hot-button issues, from the tracking of suspected illegal immigrants or women seeking abortions, to harassing public servants who are already in the crosshairs over baseless conspiracy theories and increasingly hostile political rhetoric against government employees.

https://krebsonsecurity.com/2024/10/the-global-surveillance-free-for-all-in-mobile-ad-data/


Yes- I’m looking at you!

I think to be true to myself next time I should only boost failing entries (that had the same work and thought put into them as winning ones) from #Pwn2Own.

#failnight

As a reminder - you can find all of the results from Day Two of Ireland at https://www.zerodayinitiative.com/blog/2024/10/23/pwn2own-ireland-2024-day-two-results


Confirmed! PHP Hooligans / Midnight Blue (@midnightbluelab) used a command injection bug to get code execution on the Synology BeeStation BST150-4T. They earn $40,000 and 4 Master of Pwn points.

#music #grindcore

Confirmed! Chris Anastasio (@mufinnnnnnn) & Fabius Watson (@FabiusArtrel) of Team Cluck used two bugs (incl a CRLF injection) in a beautiful chain to exploit the QNAP TS-464 NAS. The second round win earns them $20,000 and 4 Master of Pwn points.


In our first video highlight of Day Two, we see Ken Gannon (@Yogehi) bring 5 bugs and a ton of emotion to bear against the Galaxy. @P2OIreland https://youtube.com/shorts/eM9dOhHH2AA?feature=share


Boom! It took no time at all for the Viettel Cyber Security (@vcslab) team to exploit the HP Color LaserJet Pro MFP 3301fdw printer. They head off to the disclosure room to provide all the details.


Martin Boller 🇬🇱 🇺🇦 tux freebsd windows mastodon


Nice! Chris Anastasio (@mufinnnnnnn) & Fabius Watson (@FabiusArtrel) of Team Cluck successfully exploited the QNAP TS-464 NAS. They're off to the disclosure room to explain how they did it.


Sweet! The InfoSect (@infosectcbr) team successfully exploited the Sonos Era 300 speaker. They head off to the disclosure room to divulge how they did it.

On a related #UX note, which genius decided that in #Akkoma ":D" should automatically translate to 🧬?

If the primary use-case of your app is users typing text, you shouldn't have hotkeys without at least the Ctrl modifier!

Looking at you, #thunderbird #signal !

#ux

Project Zero Bot

New Project Zero issue:

FASTRPC_ATTR_KEEP_MAP logic bug allows fastrpc_internal_munmap_fd to racily free in-use mappings leading to UAF

https://project-zero.issues.chromium.org/issues/42451725

CVE-2024-49848

We have another bug collision. The Tenable Group used a stack-based buffer overflow to exploit the Lorex 2K camera, but the bug had already been used in the contest. They still earn $3,750 and 1.5 Master of Pwn points.
