QNAP® Systems, Inc. is committed to enhancing the security of its products by engaging in international collaborations. Recently, the company participated in the Pwn2Own Toronto 2023 competition organized by Trend Micro’s Zero Day Initiative (ZDI), resulting in valuable experiences and achievements. QNAP will continue to deepen its cooperation with international cybersecurity organizations to continuously improve product security, ensuring the best protection for users' data.
Pwn2Own is a global cybersecurity competition organized by ZDI aimed at challenging security vulnerabilities in various software and hardware. Participants utilize various techniques, including exploit and zero-day attacks, to breach target systems. This competition not only provides a platform for security experts to showcase their skills but also enables vendors to understand and address security vulnerabilities in their products, benefiting users worldwide.
QNAP's Product Security Incident Response Team (PSIRT) participated in the Pwn2Own 2023 review meeting, confirming weaknesses revealed by participants in the company's products. Subsequently, QNAP promptly initiated remediation efforts and released updated versions of its NAS operating system, enabling users to quickly complete the updates.
QNAP expresses gratitude to the Zero Day Initiative for organizing the Pwn2Own event, which provides a platform for promoting cybersecurity communication and collaboration. Special thanks are extended to Kholoud Altookhy, Rebecca MacKenzie, Mai Mostafa, and Jimmy Calderon of the ZDI Program Operations team for their assistance and contributions in coordinating the disclosure process between ZDI and QNAP's security incident response team. QNAP also expresses gratitude to the research community for their hard work and dedication to protecting our customers.
Senior Manager of QNAP's Product Security Incident Response Team, Stanley Huang, stated, "In the future, QNAP will actively participate in similar events and become sponsors to further promote the development of cybersecurity, providing users with more secure and reliable products and services."
Pwn2Own 2023 related QNAP security patches:
- https://www.qnap.com/en/security-advisory/qsa-24-14
Title: Multiple Vulnerabilities in QTS, QuTS hero, and QuTScloud (PWN2OWN 2023) - https://www.qnap.com/en/security-advisory/qsa-24-09
Title: Multiple Vulnerabilities in QTS, QuTS hero, QuTScloud, myQNAPcloud, and myQNAPcloud Link (PWN2OWN 2023)