Security researchers hacked the Galaxy S22 in just 55 seconds |
Contestants of the annual hacking competition Pwn20wn hacked the Samsung Galaxy S22 for the fourth time since the competition began, but this time in just 55 seconds.
Security researchers on behalf of penetration testing provider Pentest Limited were able to take action after exploiting a vulnerability exposed in an attack called Inappropriate Input Validation on Galaxy S22 phones.
The achievement netted them $25,000 as it was the fourth and final time the Galaxy S22 was hacked during the Pwn20wn Toronto 2022 contest.
Qrious Secure researchers Tri Dang and Ton Pham also attempted to bypass smartphone security, but were unable to prove that they could exploit the vulnerabilities within the specified retry time.
On the first day of the competition, the STAR Labs team and a security researcher named Chim tried to exploit other revealed vulnerabilities to successfully attack Samsung's flagship phone.
In all four cases, the smartphones were running the latest version of the Android operating system, with all available updates installed according to the competition rules.
Day three of Pwn2Own Toronto 2022 concluded with information security company Trend Micro's zero-day program, which offered $253,500 in rewards for 14 unique vulnerabilities across multiple categories.
On Day 3, attendees demonstrated exploits for security vulnerabilities disclosed targeting routers, smart speakers, printers, and NAS devices from companies including Cisco, NETGEAR, Canon, Ubiquiti, Sonos, Lexmark, Synology, and Western Digital.
The total cash prize for finding 60 unique vulnerabilities detected after the first three days of the competition is approximately $934,750.
Pwn20wn Toronto 2022, the hackathon that usually lasts for three days, has been extended for a fourth day after 26 participants and teams signed up to 66 targets.