The Samsung Galaxy S22 was just hacked in 55 seconds — yikes

A picture of a skull and bones on a smartphone depicting malware
(Image credit: Shutterstock)

The Samsung Galaxy S22 is one of the best Android phones you can buy but it’s not without its faults as demonstrated by contestants at this year’s Pwn2Own hacking competition.

During the four-day event held in Toronto, the Korean hardware giant’s flagship smartphone was hacked by multiple contestants and two even managed to find zero-day vulnerabilities and successfully exploit them. However, on day three of Pwn2Own 2022, security researchers managed to hack the Galaxy S22 in under a minute.

As reported by BleepingComputer (opens in new tab), security researchers from Pentest Limited showed off a demo of a zero-day bug for the Galaxy S22 that used an Improper Input Validation attack to gain access to the device in just 55 seconds. Since Pwn2Own is a hacking competition sponsored by the Zero Day Initiative at Trend Micro, the security researchers were awarded five points and took home a $25,000 prize.

It’s worth noting that all of the Galaxy S22 smartphones hacked at Pwn2Own were running Android 13 with all of the latest updates from Samsung installed as part of the competition’s rules (opens in new tab)

Samsung Galaxy S22 zero-days

A magnifying glass depicting the process of finding bugs in software

(Image credit: Shutterstock)

While Pwn2Own ended with a bang with the Galaxy S22 hacked in 55 seconds, it was actually hacked on four separate occasions during the competition.

In fact, during the first day of the competition, two zero-day vulnerabilities were discovered on the device and successfully exploited by contestants. For those unfamiliar, a zero-day is a type of vulnerability that was previously unknown to a device’s creator and a patch isn’t available yet.

The STAR labs team found and exploited the first zero-day bug on the Galaxy S22 by executing an improper input validation attack which earned them $50,000 and 5 points. Another contestant named Chim found another zero-day and demoed a successful exploit to earn $25,000 and 5 points.

Should you be worried?

Samsung Galaxy S22 in hand back

(Image credit: Future)

If you own a Samsung Galaxy S22 the news that your phone was hacked in under a minute might have you concerned about your device and the data stored on it. However, you shouldn’t be.

Hacking competitions like Pwn2Own are designed to give security researchers and ethical hackers an opportunity to show off their skills but they also benefit the companies whose devices are hacked. If a cybercriminal discovered the zero-days discussed above, it would be cause for concern as they could use them in attacks before Samsung has a chance to patch them. In this case though, Samsung and other vendors are well aware of what’s happening at Pwn2Own and their engineers are likely working on fixing these issues right now.

Samsung wasn’t the only device manufacturer whose products were hacked at Pwn2Own as Network Attached Storage (NAS) devices, routers, smart speakers and printers from Cisco, Netgear, Canon, Ubiquiti, Sonos, Lexmark, Synology and Western Digital were also compromised and exploited during the competition.

If you want some additional security for your Samsung Galaxy S22 though, you can always install one of the best Android antivirus apps which can spot malware online and ensure it doesn’t infect your smartphone.

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.