WhatsApp Zero-Click Vulnerability Exploit Worth $1 Million in Pwn2Own Competition
The upcoming Pwn2Own competition, organised by Trend Micro's Zero Day Initiative (ZDI), is set to take place from October 21 to 24 in Cork, Ireland. This marks the second time the event is being held in Ireland.
This year, Meta is the main sponsor, with Synology and QNAP also lending their support. The competition focuses on consumer products, with a range of popular devices under the spotlight.
In the mobile handset section, the Samsung Galaxy S25, Google Pixel 9, and Apple iPhone 16 will be targeted. Other products in the competition include QNAP, Ubiquiti, and Nest SOHO devices, Amazon, Philips, and Sonos smart home devices, Meta Quest headsets, Ray-Ban Smart Glasses, and printers, NAS devices, surveillance system devices, and wearables from various manufacturers.
The competition is particularly interested in zero-click WhatsApp web vulnerabilities that lead to code execution. Only such vulnerabilities will be considered for a $1m prize. In the past, zero-click WhatsApp exploits have been used to deliver malware like Pegasus by commercial spyware companies such as NSO Group.
The Pwn2Own competition has a total of eight categories this year. These include mobile phones, messaging, SOHO Smashup, smart home devices, printers, NAS devices, surveillance system devices, and wearables. Smaller awards will also be available for other find my device exploits.
The competition aims to incentivize security researchers to find exploits in a range of products and responsibly disclose the information for vendors to fix. Trend Micro will protect customers with virtual patches until a full update is available.
It's important to note that the NSO Group did not have a specific seat in Germany in 2022; however, its former CEO Shalev Hulio co-founded the cybersecurity startup Dream Security, which opened its first European office in Vienna, Austria, in 2022, not Germany.
The Pwn2Own competition has a history of awarding over $1,000,000 for over 70 unique zero-day vulnerabilities in the past. With the focus on WhatsApp this year, the competition promises to be an exciting event in the cybersecurity world.
Read also:
- Strengthening Defense against Multi-faceted menaces in the Age of Authority-driven Technology
- Industries Under Jeopardy Due to Multi-Accounting: Prevention Strategies Revealed in 2024
- Web3 Esports undergoes transformation as Aylab and CreataChain collaborate for a radical change
- Latest Tech Highlights: Top Gadgets of March 2025
