Two groups of white hat hackers have managed to break into the Samsung Galaxy S23 flagship smartphone with the latest software and security updates installed, allowing them to run all kinds of code on the device.
The demos took place during the Pwn2Own 2023 hacking competition currently taking place in Toronto, Canada. The first group to successfully break into the Galaxy S23 device was Pentest Limited. Exploiting an improper input validation vulnerability earned the group the ability to execute code, as well as a $50,000 reward from the organizers.
The second group to achieve a similar result was STAR Labs SG, which exploited a permissive list of allowed inputs and earned them a $25,000 reward.
23 vulnerabilities
On the second day of the event, security researcher Le Xich Long and researchers from Interrupt Labs will also examine the device. BleepingComputer added.
In addition to hacking Samsung’s flagships, event participants also found and demonstrated zero-day vulnerabilities in the Xiaomi 13 Pro, several printers, smart speakers, Network Attached Storage (NAS) endpoints, and surveillance cameras from popular manufacturers such as Western Digital, QNAP, Synology, Canon, Lexmark and Sonos.
On the first day, participants demonstrated 23 zero-day vulnerabilities, earning a total of $438,750 in rewards.