The Zero Day Initiative (ZDI) project, known for providing financial rewards for reports of undisclosed vulnerabilities, has announced the upcoming Pwn2own Ireland 2025 competition. Set to take place in mid-October in Ireland, the competition invites participants to demonstrate exploits for previously unknown vulnerabilities (0-day). Targets include smartphones, messaging apps, wireless access points, smart home devices, printers, network surveillance systems, and virtual/augmented reality devices. The attacks must be carried out on the latest programs and operating systems with all available updates and in default configurations.
The event is making headlines for offering a million-dollar reward for identifying a vulnerability in the WhatsApp messenger that allows for remote code execution with zero interaction (0-Click). For vulnerabilities that require minimal user interaction (1-Click) for remote operation in WhatsApp, the reward is set at $500,000. Other categories include $150,000 for account takeovers, $130,000 for remote access to user data, microphones, or cameras. Premium rewards of $300,000 are set for remotely operating vulnerabilities on Google Pixel 9 and Apple iPhone 16 smartphones. A new category has been introduced with a $75,000 bonus for hacking devices through USB connections.
For hacking the Meta Quest 3/3s 3D helmet and Meta Ray-Ban smart glasses, rewards of $150,000 have been allocated. The maximum bonuses for hacking smart home devices and network storage systems are $50,000, while video surveillance systems are set at $30,000 and printers at $20,000.