Hacking Contest: Samsung Galaxy S23 hacked twice

Safety researchers hacked the Samsung Galaxy S23 hacked twice throughout the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada.

Read Also: This Complete Ethical Hacking Bundle Is Less Than $50 

Additionally they demoed exploits and vulnerability chains concentrating on zero-days in Xiaomi’s 13 Professional smartphone, in addition to printers, good audio system, Community Connected Storage (NAS) units, and surveillance cameras from Western Digital, QNAP, Synology, Canon, Lexmark, and Sonos.

Pentest Restricted was the primary to demo a zero-day on Samsung’s flagship Galaxy S23 system by exploiting improper enter validation weak point to realize code execution, incomes $50,000 and 5 Grasp of Pwn factors.

The STAR Labs SG crew additionally exploited a permissive checklist of allowed inputs to hack a Samsung Galaxy S23, incomes $25,000 (half prize for the second spherical of concentrating on the identical system) and 5 Grasp of Pwn factors.

“Whereas solely the primary demonstration in a class wins the complete money award, every profitable entry claims the complete variety of Grasp of Pwn factors,” the organizers explain.

“Because the order of makes an attempt is set by a random draw, those that obtain later slots can nonetheless declare the Grasp of Pwn title – even when they earn a decrease money payout.”

In line with the Pwn2Own Toronto 2023 contest rules, all focused units run the newest working system variations with all safety updates put in.

ZDI awarded $438,750 throughout the first day of the competition for 23 efficiently demoed zero-day vulnerabilities.

Greater than $1 million in money and prizes

Throughout the Pwn2Own Toronto 2023 hacking occasion organized by Development Micro’s Zero Day Initiative (ZDI), opponents can goal cellular and IoT units.

The entire checklist consists of cell phones (i.e., the Apple iPhone 14, Google Pixel 7, Samsung Galaxy S23, and Xiaomi 13 Professional), printers, wi-fi routers, network-attached storage (NAS) units, residence automation hubs, surveillance techniques, good audio system, and Google’s Pixel Watch and Chromecast units, all of their default configuration and working the newest safety updates.

The best rewards are for zero-day bugs within the cell phone class, with money prizes of as much as $300,000 for hacking the iPhone 14 and $250,000 for the Pixel 7, with greater than $1,000,000 in money accessible for contestants.

Efficiently exploiting Google and Apple units additionally offers $50,000 bonuses if the exploit payloads execute with kernel-level privilege, bringing the utmost attainable award for a single problem to a complete of $350,000 for a full exploit chain with kernel-level entry concentrating on the Apple iPhone 14.

You’ll find the entire schedule of the competitors contest here. The complete schedule for Pwn2Own Toronto 2023’s first day and the outcomes for every problem are listed here.

On the second day of the competition, the Samsung Galaxy S23 will once more be examined by safety researcher Le Xich Lengthy and hackers at vulnerability analysis agency Interrupt Labs.

In March, throughout the Pwn2Own Vancouver 2023 competition, researchers have been awarded $1,035,000 and a Tesla Mannequin 3 automobile for exploiting 27 zero-day (and several other bug collisions) between March 22 and 24.