October 25, 2023 at 06:50PM
Security researchers successfully hacked the Samsung Galaxy S23 smartphone multiple times during the Pwn2Own 2023 hacking competition in Canada. They also discovered vulnerabilities in other devices such as printers, routers, smart speakers, surveillance systems, and NAS devices. The competition offers significant cash prizes, totaling over $1 million, for finding zero-day vulnerabilities in various devices. Further details and results can be found on the competition’s official website.
Meeting Takeaways:
– Security researchers successfully hacked the Samsung Galaxy S23 smartphone multiple times during the Pwn2Own 2023 hacking competition in Toronto, Canada.
– The contestants also demonstrated zero-day bugs in various devices, including printers, routers, smart speakers, surveillance systems, and NAS devices from Canon, Synology, Sonos, TP-Link, QNAP, Wyze, Lexmark, and HP.
– Interrupt Labs security researchers were the first to showcase a zero-day exploit on the Samsung Galaxy S23, exploiting an improper input validation weakness. The ToChim team exploited a permissive list of allowed inputs to hack Samsung’s flagship.
– Both teams earned $25,000 and 5 Master of Pwn points for their demonstrations.
– The organizers clarified that while only the first demonstration in each category receives the full cash award, every successful entry claims the full number of Master of Pwn points.
– Pentest Limited and the STAR Labs SG team also demonstrated two other zero-days on the first day of Pwn2Own Toronto, targeting the Android operating system with all security updates installed.
– Trend Micro’s Zero Day Initiative awarded a total of $352,500 for more than a dozen zero-days and multiple bug collisions on the second day of the competition, bringing the total awarded amount to $791,250 for 39 unique zero-days over the first two days.
– The Pwn2Own Toronto 2023 event organized by Trend Micro’s Zero Day Initiative offers participants the opportunity to target various devices, including mobile phones like the Apple iPhone 14, Google Pixel 7, Samsung Galaxy S23, and Xiaomi 13 Pro, as well as printers, routers, NAS devices, home automation hubs, smart speakers, and more.
– Cash prizes at stake range from $300,000 for hacking the iPhone 14 to $250,000 for the Pixel 7, with a chance to win over $1,000,000 in total throughout the competition.
– Successful exploitation of Google and Apple devices that achieves execution with kernel-level privileges earns a $50,000 bonus, for a potential maximum award of $350,000 for a full exploit chain with kernel-level access targeting the iPhone 14 (though no attempts to hack the iPhone are scheduled).
– Team Orca of Sea Security will be targeting the Samsung Galaxy S23 on the third day of the contest.
– In the Pwn2Own Vancouver 2023 competition held in March, participants were awarded $1,035,000 in cash prizes and a Tesla Model 3 car for 27 zero-day vulnerabilities and several bug collisions.