In today’s dynamic cybersecurity landscape, top-tier devices can still face challenges. The Samsung Galaxy S23 underwent scrutiny at the Pwn2Own 2023 event in Toronto. Surprisingly, it was compromised not one, not two, but four times during the event.

As reported by Bleeping Computer, the first successful breach was orchestrated by Pentest Limited. It exploited an improper input validation weakness in the Galaxy S23, which allowed the team to execute code on the device. This feat earned it a prize of $50,000 and 5 Master of Pwn points. Not long after, the Star Labs SG team also managed to hack the same device using a permissive list of allowed inputs. Its efforts were rewarded with $25,000 and another 5 Master of Pwn points. It’s worth noting that subsequent demonstrations of a hack on the same device category receive half the cash prize, but the full Master of Pwn points.


On the second day of the event, the Samsung Galaxy S23 was hacked two more times, as Bleeping Computer further reports. Interrupt Lab researchers were able to exploit another improper input validation weakness, while the ToChom team followed up with another exploit of a permissive list of allowed inputs. Both earned $25,000 in cash and 5 Master of Pwn points. In all these instances, the Samsung Galaxy S23 was updated to the latest software and security patches.

The Pwn2Own Toronto event, spearheaded by Trend Micro’s Zero Day Initiative, serves as a gathering for cybersecurity professionals to pinpoint weak spots in contemporary gadgets. This lineup, encompassing smartphones, printers, and smart speakers among others, operates with standard settings and the freshest security patches. The event offers over $1 million in cash and prizes, with the highest rewards reserved for zero-day bugs in mobile phones. For instance, successfully exploiting devices from tech giants like Google and Apple could earn contestants up to $350,000, the highest single reward that is paid out in the case of kernel-level access on an Apple iPhone 14.

Star Labs, one of the teams that hacked the Galaxy S23, has a history of identifying critical vulnerabilities. In a separate report from Bleeping Computer, Star Labs researcher Nguyen Tien Giang (Janggggg) had previously published a technical analysis on a chain of vulnerabilities in Microsoft SharePoint Server. This chain included a critical authentication bypass flaw, which Janggggg had successfully exploited during the Pwn2Own Vancouver contest in March 2023, earning a $100,000 reward.

The vulnerabilities exposed in the Samsung Galaxy S23 during the Pwn2Own Toronto event underscore the critical nature of ongoing security investigations and timely software enhancements. With each technological leap, there’s a parallel evolution in the strategies employed by those aiming to find and leverage these weak points. This dynamic resembles an intricate dance, where both the defenders and potential exploiters are constantly adapting, each trying to predict and counter the other’s next move, emphasizing the necessity for vigilance and proactive measures in the tech world.
