21-12-2022, Contestants in the Pwn2Own Toronto 2022 hacking competition have hacked the Samsung Galaxy S22 smartphone several times in the first 24 hours of the tournament.
The STAR Labs team was the first group to hack Samsung's premier product. On their third attempt, the group exploited a zero-day flaw in the S22 using an improper input validation attack. They received $50,000 and 5 Master of Pwn points as a prize for their work.
Another participant, Chim, also demonstrated an exploit targeting the Samsung Galaxy S22. He likewise executed an improper input validation attack, which earned him half the prize awarded to the first contestant.
The Galaxy S22 used at Pwn2Own Toronto 2022 is Samsung's flagship unit, running the latest version of its Android OS.
According to the rules of Pwn2Own Toronto 2022, the Samsung Galaxy S22 devices run the latest version of the Android OS with all available updates installed.
During the contest's initial day, participants successfully demonstrated exploits targeting zero-day vulnerabilities in routers and printers from vendors such as NETGEAR, TP-Link, Synology, HP, Canon, and Lexmark.
Security researchers who joined the contest could target smartphones, home automation hubs, routers, smart speakers, printers, network-attached storage, and other devices. All of these IoT devices are updated and in their default configuration.
Contestants could win as much as $200,000 in the mobile phone category if they could hack the iPhone 13 and Google Pixel 6 smartphones.
Moreover, hacking Apple and Google devices could also earn participants a $50k bonus if the exploits achieve kernel-level privileges. Hence, the highest prize anyone could win in the contest could reach a quarter of a million dollars, but it requires a complete exploit chain with kernel-level privileges.
The Canadian consumer-focused event ran from December 6 to December 8. This year's high number of participants prompted the event organiser to extend the competition for four days.
During the four days, the 26 teams and contestants must exploit 66 targets across all categories to win substantial cash prizes.