Samsung smartphones use hardware security features called Knox, and almost all mid-range and flagship models of this brand are launched with this feature. However, security researchers participating in the Pwn2Own contest targeted the Galaxy S22 and surprisingly managed to find many zero-day vulnerabilities on the device. Currently, this tournament continues in Toronto, Canada.
Zero Day Initiative (ZDI) hosts the Pwn2Own hacking contest; A competition where hackers show off their skills in discovering zero-day vulnerabilities. Thanks to the actions of several hackers, critical zero-day flaws have been identified in NAS (Network Attached Storage) devices from various brands such as NetGear, HP, Lexmark, Canon, TP-Link, Sonos, Synology, and Western Digital.
The Korean tech giant’s flagship phone, the Galaxy S22, was also targeted by many hackers, who quickly discovered various security flaws on it. written by Gizmochina, two important problems in the current Samsung flagship were identified by the Star Labs team and the Chim team. This incident happened on the first day of Pwn2Own and the hackers managed to take full control of the device by taking advantage of the security weaknesses. A team called Pentest Limited also managed to hack this phone on the second day of the tournament.
In fact, the record of successful hacking of Samsung Galaxy S22 reached less than one minute (55 seconds) on the third day. This has happened four times in Pwn2Own competitions so far. Thus, hackers can exploit zero-day vulnerabilities in a Samsung flagship phone in less than a minute. Security experts at Pentest Limited claim to have managed to gain access to the phone using an “improper input validation” attack.
It should be noted that according to the rules of the Pwn2Own competition, the Galaxy S22 was updated to the latest version of the Android operating system and the latest security patches. Security experts received a reward of $25,000 and five points for breaking into this phone. Anyway, hacking a flagship device in less than a minute seems really weird. Regardless of the hacker’s skill, this shows that Samsung’s current flagship has certain security flaws.