November 11, 2019
Team of 'white hat' hackers found bugs in Amazon Echo and Galaxy S10
A team of leading security researchers was recently crowned top hackers after finding vulnerabilities across multiple devices including an Alexa-powered Amazon Echo and a Samsung Galaxy S10.
Amat Cama and Richard Zhu, who go by Team Fluoroacetate, compromised the devices at an international bug bounty event called Pwn2Own in Tokyo late last week. The event, hosted by Zero Day Initiative, is home to "white hat" hackers who are paid top dollar if they find previously unknown bugs in gadgets supplied by big tech companies.
The vulnerability Cama and Zhu found in the Echo allowed them to "take control" of the gadget, according to Pwn2Own. And finding the bug earned them $60,000. Amazon told Tech Crunch the company is "investigating this research" and will take action to correct its devices if necessary.
Amazon didn't offer a timeline for getting the bug patched.
The hackers used a bug in Java Script to gain access to a photo on the Samsung Galaxy S10, earning them $30,000. In total, they took home $195,000 after targeting a Samsung television and a Xiaomi laptop.
For the third year in a row, Team Fluoroacetate was awarded the top "Master of Pwn" title.
Now, the companies that offer the devices have 90-days to fix the vulnerabilities through software updates before details are shared with the public.
After Cama and Zhu executed code on Tesla Model 3 software earlier this year, they were awarded $375,000. Tesla fixed the issue soon after via an over-the-air update.