Industrial control systems taken to pieces in ‘drama-filled’ live hacking event

The inaugural edition of Pwn2Own Miami closed its doors on January 23, 2020

The inaugural edition of Pwn2Own Miami closed its doors on Thursday (January 23), with organizers from Trend Micro’s Zero Day Initiative (ZDI) heralding the industrial control systems live hacking event a success.

Taking place as part of the S4 industrial security conference, Pwn2Own Miami took a similar format to ZDI’s established hacking contests in Vancouver and Tokyo, but with a specific focus on industrial control systems (ICS) instead of PCs or mobile devices.

Over the course of the three-day event, more than $250,000 in prizes were handed out, as hackers demonstrated a string of exploits that made short shrift of many leading ICS platforms that are used to run organizations within the manufacturing, heavy industry, and critical infrastructure sectors.

Among the highlights of Pwn2Own Miami, Steven Seeley and Chris Anastasio successfully demonstrated a denial-of-service (DoS) exploit against the Triangle Microworks SCADA Data Gateway.

The hackers went on to achieve remote code execution in both Inductive Automation’s Ignition platform and the Rockwell Automation Studio 5000 design software.

Pwn2Own Miami is the world’s first ICS-focused live hacking event

Operating under the ‘Incite Team’ banner, the pair netted a total of $50,000 and were crowned ‘Masters of Pwn’.

Discussing the reaction to the debut Pwn2Own Miami, Brian Gorenc, director of vulnerability research and head of Trend Micro’s ZDI program, told The Daily Swig: “It has definitely been a successful debut in the ICS world.

“We had tons of interest in the contest as the event approached, and it all played out on the contest floor. We have had over 10 successful entries, several partial wins, and a couple of failures. [It was a] very drama-filled event.”

He added: “Some of the most interesting entries involve the researchers chaining numerous vulnerabilities together to gain code execution. One of the teams chained five vulnerabilities together to gain code execution on an HMI target. Quite impressive!”

Looking ahead, Gorenc said ZDI would be looking to make more of an impact on the ICS space.

“[We] plan to continue to bring our unique brand of researcher engagement to this community,” he said.

“Vulnerabilities submitted in these targets will continue to be purchased through the ZDI program throughout the year. We hope the increased exposure with the ICS community will result in more submissions outside of Pwn2Own Miami.”

The team may have to wait a little while to advance their plans in the ICS sector, however, as preparations are already underway for the flagship Pwn2Own live hacking event, scheduled to take place in Canada in March.

“With just eight weeks between contests, the team will be hard at work to ensure the flagship contest is successful,” Gorenc said. “We look forward to seeing what research is demonstrated.”

Check out the ZDI blog for a full list of the exploits that were showcased during Pwn2Own Miami.

READ MORE Project Zero relaxes 90-day vulnerability disclosure deadline to boost patch adoption