Samsung Galaxy S23 hacked twice on first day of Pwn2Own Toronto


Security researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada.

They also demoed exploits and vulnerability chains targeting zero-days in Xiaomi's 13 Pro smartphone, as well as printers, smart speakers, Network Attached Storage (NAS) devices, and surveillance cameras from Western Digital, QNAP, Synology, Canon, Lexmark, and Sonos.

Pentest Limited was the first to demo a zero-day on Samsung's flagship Galaxy S23 device by exploiting an improper input validation weakness to gain code execution, earning $50,000 and 5 Master of Pwn points.

The STAR Labs SG team also exploited a permissive list of allowed inputs to hack a Samsung Galaxy S23, earning $25,000 (half prize for the second round of targeting the same device) and 5 Master of Pwn points.

"While only the first demonstration in a category wins the full cash award, each successful entry claims the full number of Master of Pwn points," the organizers explain.

"Since the order of attempts is determined by a random draw, those who receive later slots can still claim the Master of Pwn title – even if they earn a lower cash payout."

According to the Pwn2Own Toronto 2023 contest rules, all targeted devices run the latest operating system versions with all security updates installed.

ZDI awarded $438,750 during the first day of the contest for 23 successfully demoed zero-day vulnerabilities.

More than $1 million in cash and prizes

During the Pwn2Own Toronto 2023 hacking event organized by Trend Micro's Zero Day Initiative (ZDI), competitors can target mobile and IoT devices.

The complete list includes mobile phones (i.e., the Apple iPhone 14, Google Pixel 7, Samsung Galaxy S23, and Xiaomi 13 Pro), printers, wireless routers, network-attached storage (NAS) devices, home automation hubs, surveillance systems, smart speakers, and Google's Pixel Watch and Chromecast devices, all in their default configuration and running the latest security updates.

The highest rewards are for zero-day bugs in the mobile phone category, with cash prizes of up to $300,000 for hacking the iPhone 14 and $250,000 for the Pixel 7, with more than $1,000,000 in cash available for contestants.

Successfully exploiting Google and Apple devices also provides $50,000 bonuses if the exploit payloads execute with kernel-level privilege, bringing the maximum possible award for a single challenge to a total of $350,000 for a full exploit chain with kernel-level access targeting the Apple iPhone 14.

You can find the complete schedule of the contest here. The full schedule for Pwn2Own Toronto 2023's first day and the results for each challenge are listed here.

On the second day of the contest, the Samsung Galaxy S23 will again be tested by security researcher Le Xich Long and hackers at vulnerability research firm Interrupt Labs.

In March, during the Pwn2Own Vancouver 2023 competition, researchers were awarded $1,035,000 and a Tesla Model 3 car for exploiting 27 zero-days (and several bug collisions) between March 22 and 24.