Amazon Echo, Samsung and Sony smart TVs Fall on first day of Pwn2Own Hacking Contest

Enterprise & IT | Nov 6, 2019

The first day of Pwn2Own Tokyo 2019 has come to a close, with Amazon Echo speakers, Samsung and Sony smart TVs, the Xiaomi Mi9 phone, and Netgear and TP-Link routers all getting hacked.

In total, Pwn2Own awarded $195,000 for 12 total bugs. The day saw nine successful attempts against seven targets in five categories.

Our day began with Fluoroacetate (Amat Cama and Richard Zhu) targeting the Sony X800G television. It took no time for the Pwn2Own veterans to get a bind shell due to a JavaScript out-of-bounds (OOB) Read in the embedded web browser. Their first successful exploit of the contest earned them $15,000 USD and 2 points toward Master of Pwn.

Next up, Pwn2Own newcomers Pedro Ribeiro and Radek Domanski of Team Flashback targeted the LAN interface of the NETGEAR Nighthawk Smart WiFi Router (R6700). Pedro and Radek used a stack-based buffer overflow to get a shell on the router. Their first foray into the Pwn2Own world earned them $5,000 and .5 Master of Pwn points.

In a day full of firsts, the Fluoroacetate duo returned for the first ever attempt in the Home Automation category. They chose the Amazon Echo Show 5 for their target, and with the device in an RF enclosure to ensure no outside interference, they used an integer overflow in JavaScript to compromise the device and take control. This exploit earned them $60,000 and 6 Master of Pwn points.

Richard and Amat returned to the television category, this time targeting the Samsung Q60. Although their first attempt failed, their second attempt was able to use an integer overflow in JavaScript to get a reverse shell from the television. The successful demonstration earned the team another $20,000 and 2 Master of Pwn points.

The Fluoroacetate team returned, this time targeting the first handset of the competition – the Xiaomi Mi9. This time, they used a JavaScript bug that jumped the stack to exfiltrate a picture from the Xiaomi Mi9. Once patched, this should prove to be an interesting write-up. They earned $20,000 USD and 2 additional Master of Pwn points for their efforts.

Next, the Flashback duo of Pedro Ribeiro and Radek Domanski targeted the WAN interface of the NETGEAR Nighthawk Smart WiFi Router (R6700) in the Router category. Although the attempt took some time due to the device starting up, they were able to remotely modify the router's firmware such that their payload persisted across a factory reset. They earned $20,000 and 1 more Master of Pwn point for their successful demonstration.

In their final attempt of the day, Pedro Ribeiro and Radek Domanski targeted the LAN interface of the TP-Link AC1750 Smart WiFi router. They used a total of three different bugs – starting with a command injection vulnerability – to get their code executed on the target. They earned themselves another $5,000 and .5 Master of Pwn points. That brings their total winnings on the first day of their first Pwn2Own to $30,000.

The team from F-Secure Labs – Mark Barnes, Toby Drew, Max Van Amerongen, and James Loureiro – were up next, also targeting the TP-Link AC1750 Smart WiFi router. Although they had a successful demonstration (complete with synchronized lights on the router), the exploit used some of the same bugs as a previous contestant. It still qualified as a partial win, but no Master of Pwn points were awarded. It was still a great demonstration – especially the “Vegas lights” on the router.

In their final attempt for Day One, the Fluoroacetate team of Richard Zhu and Amat Cama returned to target the Samsung Galaxy S10 via the NFC component. They used a bug in JavaScript JIT followed by a Use After Free (UAF) to escape the sandbox and grab a picture off the phone. All it took was a tap. Their final entry for Day One earns them $30,000 and 3 Master of Pwn points. That puts their day one total at $145,000. They also have a commanding lead on Master of Pwn with 15 total points.

The final event of the day saw the F-Secure Labs crew return to target the Xiaomi Mi9 handset in the Web Browser category. They had a partial success. Their demonstration was successful thanks to a couple of chained logic bugs. However, one of the bugs was known to the vendor. That makes it a partial win, but the team still receives $20,000 and 2 Master of Pwn points.

Pwn2Own Tokyo 2019 continues tomorrow. Security researchers will target the following devices:

  • Oppo F11 Pro in the Baseband category
  • Samsung Galaxy S10 in the Baseband category
  • NETGEAR Nighthawk Smart WiFi Router R6700 (LAN interface) in the Router category
  • TP-Link AC1750 Smart WiFi Router (WAN interface) in the Router category
  • TP-Link AC1750 Smart WiFi Router (WAN interface) in the Router category
  • Xiaomi Mi9 NFC component in the Short Distance category
  • Samsung Galaxy S10 in the Web Browser category

Tags: Hacking, Pwn2Own