Pwn2Own: Galaxy S23 Was Hacked Twice In The Competition


Last year, the Pwn2Own hacking competition managed to crack the Samsung Galaxy S22 series in just 55 seconds – and this year the S23 series hasn’t fared much better either.

Vulnerabilities In Devices

There were numerous zero-day and exploit demonstrations on the first day of the competition. In total, the experts will take on the challenges over four days, identifying security gaps in smartphones, tablets, printers, routers, and network storage.

The competition is aimed at consumer devices and is therefore also an indicator of the security of the devices that each of us uses at home. Security researchers hacked the Samsung Galaxy S23 twice on the first day of the Pwn2Own 2023 hacking competition in Toronto, Canada.

Pentest Limited was the first team to demonstrate a zero-day vulnerability on the Samsung flagship Galaxy S23 by exploiting an input validation vulnerability to gain code execution. There was a $50,000 reward for this.

The STAR Labs SG team also exploited input validation to crack a Samsung Galaxy S23. The prize was $25,000 (half the prize for the second round, in which the same device was attacked). According to the Pwn2Own Toronto 2023 competition rules, all target devices must be running the latest operating system versions and have all security updates installed.

Updates for the vulnerabilities shown can now be expected to be published shortly.

Also shown were exploits and vulnerabilities that targeted zero-days in Xiaomi’s 13 Pro smartphone, as well as printers, smart speakers, NAS devices, and surveillance cameras from Western Digital, QNAP, Synology, Canon, Lexmark, and Sonos.

The full list includes mobile phones (e.g. the Apple iPhone 14, Google Pixel 7, Samsung Galaxy S23, and Xiaomi 13 Pro), printers, wireless routers, network-attached storage (NAS) devices, home automation hubs, surveillance systems, and smart speakers, as well as Google’s Pixel Watch and Chromecast devices, all in their standard configuration and with the latest security updates.

$300,000 for hacking the iPhone 14

By the way, the highest rewards are again for zero-day bugs in the mobile phone category, with cash prizes of up to $300,000 for hacking the iPhone 14 and $250,000 for the Pixel 7. No successes have been reported for these yet, but that could change soon.
