During the four-day event held in Toronto, the Korean hardware giant’s flagship smartphone was hacked by multiple contestants and two even managed to find zero-day vulnerabilities and successfully exploit them. However, on day three of Pwn2Own 2022, security researchers managed to hack the Galaxy S22 in under a minute.
As reported by BleepingComputer, security researchers from Pentest Limited showed off a demo of a zero-day bug for the Galaxy S22 that used an Improper Input Validation attack to gain access to the device in just 55 seconds. Since Pwn2Own is a hacking competition sponsored by the Zero Day Initiative at Trend Micro, the security researchers were awarded five points and took home a $25,000 prize.
It’s worth noting that all of the Galaxy S22 smartphones hacked at Pwn2Own were running Android 13 with all of the latest updates from Samsung installed as part of the competition’s rules.
Samsung Galaxy S22 zero-days
While Pwn2Own ended with a bang with the Galaxy S22 hacked in 55 seconds, it was actually hacked on four separate occasions during the competition.
In fact, during the first day of the competition, two zero-day vulnerabilities were discovered on the device and successfully exploited by contestants. For those unfamiliar, a zero-day is a vulnerability that was previously unknown to a device’s creator and for which a patch isn’t available yet.
The STAR labs team found and exploited the first zero-day bug on the Galaxy S22 by executing an improper input validation attack which earned them $50,000 and 5 points. Another contestant named Chim found another zero-day and demoed a successful exploit to earn $25,000 and 5 points.
Should you be worried?
If you own a Samsung Galaxy S22 the news that your phone was hacked in under a minute might have you concerned about your device and the data stored on it. However, you shouldn’t be.
Hacking competitions like Pwn2Own are designed to give security researchers and ethical hackers an opportunity to show off their skills but they also benefit the companies whose devices are hacked. If a cybercriminal discovered the zero-days discussed above, it would be cause for concern as they could use them in attacks before Samsung has a chance to patch them. In this case though, Samsung and other vendors are well aware of what’s happening at Pwn2Own and their engineers are likely working on fixing these issues right now.
Samsung wasn’t the only device manufacturer whose products were hacked at Pwn2Own as Network Attached Storage (NAS) devices, routers, smart speakers and printers from Cisco, Netgear, Canon, Ubiquiti, Sonos, Lexmark, Synology and Western Digital were also compromised and exploited during the competition.
If you want some additional security for your Samsung Galaxy S22 though, you can always install one of the best Android antivirus apps which can spot malware online and ensure it doesn’t infect your smartphone.