Galaxy S22 phone hacked in just 55 seconds
Samsung flagship phones are consistently at the top of the smartphone industry and are a dependable choice for most people.
These devices, however, are not without faults, as demonstrated by entrants in this year's Pwn2Own hacking competition.
Several contestants hacked Samsung devices during the four-day event in Toronto, and two even discovered and exploited zero-day vulnerabilities. On the third day of Pwn2Own 2022, however, security professionals were able to hack the Galaxy S22 in less than 60 seconds.
Pentest Limited specialists demonstrated a zero-day vulnerability in the Galaxy S22 and used an improper input validation attack to obtain access to the device in under 55 seconds.
The team received five points and a prize of $25,000 at Pwn2Own, a tournament sponsored by Trend Micro, an IT security business.
It should be emphasized that all hacked Galaxy S22 phones were running Android 13 (One UI 5) and had the most recent security patch installed, as required by the Pwn2Own competition regulations.
Although Pwn2Own contestants hacked Samsung's 2022 flagship phone at record speed, the phone was in fact hacked four times during the competition.
Two zero-day vulnerabilities were identified on the device on the first day, and the contestants successfully exploited them. For those who are unfamiliar, a zero-day vulnerability is one that was previously unknown to the device manufacturer and for which no patch is yet available.
The STAR Labs team discovered and exploited the first zero-day vulnerability of the Galaxy S22 phone, collecting $50,000 and five points, while competitor Chim discovered and successfully demonstrated the second vulnerability, getting $25,000 and five points.
Should you be worried?
If you own a Samsung Galaxy S22, the news that the phone was hacked in less than 60 seconds is unsettling, and you may understandably worry about the protection of your device and the data on it. This is, nevertheless, good news.
Pwn2Own hacking competitions are intended to provide an opportunity for cybersecurity researchers and ethical hackers to exhibit their talents while also providing useful information to manufacturers whose devices have been hacked.
If a cybercriminal discovered zero-day vulnerabilities, this would be cause for alarm because they might be used in attacks before Samsung could patch them. In this scenario, however, Samsung and other manufacturers are well aware of the findings from the Pwn2Own competition, and their engineers are most likely working on solutions.
Samsung was not the only manufacturer whose devices were hacked by Pwn2Own contestants - the same happened with devices from Cisco, Netgear, Canon, Ubiquiti, Sonos, Lexmark, Synology, and Western Digital.
Post by Bryan C.