Overview
- The record $1 million top bounty incentivizes zero-click remote code execution hacks on WhatsApp, up from $300,000 at Pwn2Own Ireland 2024 when no submissions emerged.
- Tiered WhatsApp rewards include $500,000 for one-click code execution, $150,000 for zero-click account takeover and $130,000 for zero-click microphone, camera or data-access exploits.
- Expanded mobile targets encompass Google Pixel 9 and iPhone 16 for up to $300,000 per exploit and Samsung Galaxy devices for $50,000, with a new USB port attack vector supplementing traditional wireless methods.
- Meta wearables such as Ray-Ban smart glasses and Quest VR headsets carry bounties between $30,000 for jailbreaks and $150,000 for zero-click remote code execution flaws.
- Additional prizes cover SOHO network attacks (up to $100,000), NAS and smart-home device hacks (up to $50,000), surveillance systems (up to $30,000) and printers (up to $20,000) under the contest’s responsible-disclosure policy.