Hackers will now have access to Facebook’s latest attempt at a hardware line-up at the annual Pwn2Own hacking contest. The device was released in 2018, at the height of Facebook’s privacy blunders, but was still expected to make some serious headway into the professional segment of the market.
Now, perhaps to preemptively prevent hackers from gaining access to everything from your face to your daily habits, Facebook wants to find any potential flaws in the device before a bad actor does.
What Is Pwn2own?
It’s one of the largest hacking contests in the world. Device and software manufacturers put a substantial amount of money up for grabs if anyone is able to find vulnerabilities in their hardware, and the hackers are given free access to any tools they need.
Of course, physical attacks are out of the question – the real challenge is to hack into a device and control it at a distance.
Any hacker that’s able to do so is granted cash prices and other gifts that can be worth as much as $300,000. This year’s event is going to be held in Tokyo and should dish out cash and other prizes worth well over $750,000.
Finding Bugs Before They Do
The spirit of presenting a device to hackers is normally in order to find zero-day vulnerabilities. Before any manufacturer or developer releases their device into the wild, they do a lot of internal testing for bugs and vulnerabilities themselves.
This process is far from perfect, and developers could potentially release, say, a phone, with a critical vulnerability. Any bad actor with the right set of tools can gain access to the phone and steal data or worse. Vulnerabilities such as this, present at release and developers don’t know about, are called zero-day vulnerabilities.
Everything from smart home devices to cars are presented at the show. In fact, Tesla was part of the program last year when the Model S was first released. A pair of white-hat hackers discovered a critical memory vulnerability in the car’s browser and won $375,000.
Facebook is offering anyone able to hack the device $60,000 for being able to remotely inject code into the device. Other bugs like privilege escalation can bring in $40,000.
Other Devices Present
Pwn2Own is run by Japanese firm Trend Micro, and introducing the Portal is probably part of a push for the company to widen the visibility of the event. The event initially began as a way for browser makers like Firefox and Safari to find bugs before bad actors did.
This new move increases the number and range of devices the company has available for researchers that will be in attendance.
The only device other than the Portal that Facebook will make available at the event is the Oculus Quest. Some popular devices available at the event include an Amazon Echo, Amazon Cloud Can, Nest Hub Max and a Nest Cam IQ Indoor.