Pentest Limited and Star Labs SG quickly exposed the weaknesses of the Galaxy S23 at Pwn2Own.
In today's cybersecurity landscape, high-end electronic devices face many challenges. Samsung's Galaxy S23 came under close scrutiny at the Pwn2Own 2023 event in Toronto. Surprisingly, the product was compromised not once, not twice, but four times during the event.
As reported by Bleeping Computer, the first successful breach was orchestrated by Pentest Limited. They exploited an input validation weakness in the Galaxy S23, allowing the group to execute code on the device. This feat earned them a $50,000 prize and five Master of Pwn points.
Not long after, the Star Labs SG team found a way to hack into the device by exploiting the list of allowed inputs. Their efforts were awarded $25,000 and five Master of Pwn points. Subsequent hack demonstrations on the same device category receive only half the cash awarded for the first demonstration.
On the second day of the event, Bleeping Computer reported that the Galaxy S23 was hacked two more times. Interrupt Lab researchers exploited another input validation weakness. Next, the ToChom group took advantage of another vulnerability in the list of allowed inputs. Each team won $25,000 and five Master of Pwn points.
In all of the above cases, Samsung's Galaxy S23 was running the latest software and security patches.
Toronto's Pwn2Own event, launched by Trend Micro's Zero Day Initiative, is where cybersecurity experts gather to find weaknesses in modern devices, including phones, printers, and smart speakers.
The event has a total prize pool of more than one million dollars, with the most prestigious reward reserved for zero-day vulnerabilities on phones.
Successfully exploiting devices from tech giants like Google and Apple can earn contestants up to $350,000. This top reward was only claimed by the team that discovered a complete exploit chain that could open kernel-level access to the operating system on Apple's iPhone 14.
Star Labs – one of the teams that successfully hacked the Galaxy S23 – often successfully identifies serious vulnerabilities.
According to a separate report from Bleeping Computer, Nguyen Tien Giang, a researcher at Star Labs, previously published a technical analysis of a series of vulnerabilities in Microsoft SharePoint Server. This chain includes a critical authentication bypass vulnerability that Giang successfully exploited in the Pwn2Own competition in Vancouver in March 2023, winning a reward of $100,000.
The vulnerabilities of the Samsung Galaxy S23 during this Pwn2Own event highlight the importance of security investigations and timely software patching.
With each technological leap, the strategies used by those exploiting weaknesses in software also evolve. This gives rise to an environment where protectors and exploiters continually adapt. Each side tries to predict and counter the other side's potential moves. On the user side, you should be extremely cautious when participating in the technology world.