$1 Million Up for Grabs for Undetected One-Click WhatsApp Hack

The tech world is abuzz with the upcoming Pwn2Own competition, set to take place in Cork, Ireland from October 21 to 24. This is the second time the event will be held in Ireland, and this year, it's bigger and more exciting than ever.

Organized by Trend Micro's Zero Day Initiative (ZDI), the competition aims to incentivize security researchers to find exploits in various products. The focus this year is on a wide range of consumer products, with mobile handsets at the heart of the event.

Contestants will be able to hack a Samsung Galaxy S25, Google Pixel 9, and an Apple iPhone 16. But that's not all. The competition includes eight categories: mobile phones, messaging, SOHO Smashup, smart home devices, printers, Network Attached Storage (NAS) devices, surveillance system devices, and wearables.

Other products in the competition include QNAP, Ubiquiti, and Nest SOHO devices, Amazon, Philips, and Sonos smart home devices, Meta Quest headsets, and Ray-Ban Smart Glasses.

In a twist, the mobile category of the Pwn2Own competition will include a new USB attack vector for phones. This is a significant development, and it promises to make the competition even more challenging and exciting.

But the most intriguing category is the one offering a $1m prize. That's right, a million dollars. The prize is for finding a high-impact exploit in WhatsApp. Last year, no one attempted this category. But this year, with a million-dollar bounty on the table, it's anyone's game.

Dustin Childs, head of threat awareness at ZDI, mentioned that last year, $1,066,625 was awarded for over 70 unique zero-day vulnerabilities at the contest. He also stated that they are looking forward to seeing if 2025 tops that number.

Zero-click WhatsApp exploits have been used in the past to deliver malware such as Pegasus by commercial spyware companies like NSO Group. So, the stakes are high, and the competition promises to be intense.

To ensure customer protection, Trend Micro will provide virtual patches until a full update is available. The company is committed to responsible disclosure, ensuring that vendors have enough time to fix the vulnerabilities before they can be exploited in the wild.

With Meta as the main sponsor this year, alongside Synology and QNAP, the Pwn2Own competition is shaping up to be one of the most exciting events in the tech calendar. So, get ready to witness some groundbreaking discoveries and jaw-dropping hacks in Cork, Ireland, this October.