Pwn2Own: Samsung Galaxy S22 was hacked yet again

During the second day, contestants hacked again the Samsung Galaxy S22 during Toronto’s consumer-focused Pwn2Own2022 competition.

The hackers also demonstrated exploits that target zero-day vulnerabilities on routers and printers as well as smart speakers and Network Attached Storage devices (NAS) from HP, NETGEAR and Synology.

On Wednesday, security researchers from vulnerability company Interrupt Labs demonstrated a successful exploit against Samsung’s flagship phone.

Because this was the third hack of Galaxy S22 during the competition, they executed an incorrect input validation attack, earning $25,000 (or 50%) of the total cash prize.

The saw the STAR Labs Team and a contestant named Chim demonstrate two more zero-day exploits in an attempt to successfully invalidate inputs against the Galaxy S22.

According to the in all cases, all devices used the most recent version of Android with all updates.

Pwn2Own Toronto’s second day was concluded with Trend Micro’s Zero Day Initiative, which awarded $281,000.500 to 17 bugs in multiple categories.

As ZDI’s Head for Threat Awareness Dustin Childs explained, this brings Pwn2Own’s first two-day total to $681.250, which was awarded for 46 zero-days.

Four days of competition

At security researchers focus on consumer devices across multiple categories including smart speakers and printers as well as wireless routers and network-attached storage. All of these devices are running the most recent software in their default configuration.

Mobile phone hackers can earn up to $200,000 in cash prizes.

Hacked Apple and Google devices come with bonuses of $50,000 if they execute exploits with kernel-level privilege. The maximum reward for one challenge is $250,000, while a complete exploit chain with kernel access can earn you $250,000.

After 26 contestants registered to exploit the 66 targets in all categories of Pwn2Own Toronto’s hacking contest, this year’s competition was extended for four more days.

.

The Pentest Limited, Qrious Secure and Samsung Galaxy S22 hackers will again test the Samsung Galaxy S22 on the third day.

[embedded content]