Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security

Samsung Galaxy S22 Hacked Again On Second Day of Pwn2Own (bleepingcomputer.com) 18

Contestants hacked the Samsung Galaxy S22 again during the second day of the consumer-focused Pwn2Own 2022 competition in Toronto, Canada. They also demoed exploits targeting zero-day vulnerabilities in routers, printers, smart speakers, and Network Attached Storage (NAS) devices from HP, NETGEAR, Synology, Sonos, TP-Link, Canon, Lexmark, and Western Digital. BleepingComputer reports: Security researchers representing the vulnerability research company Interrupt Labs were the ones to demonstrate a successful exploit against Samsung's flagship device on Wednesday. They executed an improper input validation attack and earned $25,000, 50% of the total cash award, because this was the third time the Galaxy S22 was hacked during the competition.

On the first day of Pwn2Own Toronto, the STAR Labs team and a contestant known as Chim demoed two other zero-day exploits as part of successful improper input validation attacks against the Galaxy S22. In all three cases, according to the contest rules, the devices ran the latest version of the Android operating system with all available updates installed.

The second day of Pwn2Own Toronto wrapped up with Trend Micro's Zero Day Initiative awarding $281,500 for 17 unique bugs across multiple categories. This brings the first two days of Pwn2Own total to $681,250 awarded for 46 unique zero-days, as ZDI's Head of Threat Awareness Dustin Childs revealed. The full schedule for Pwn2Own Toronto 2022's second day and the results for each challenge are available here. You can also find the complete schedule of the competition here.

This discussion has been archived. No new comments can be posted.

Samsung Galaxy S22 Hacked Again On Second Day of Pwn2Own

Comments Filter:
  • ...to use a proper patched OS, like lineages.org, is so good (Android distributions from the makers of the devices are, generally, full of stupid system apps with a tons of unnecessary permissions...)
  • by RemindMeLater ( 7146661 ) on Thursday December 08, 2022 @07:42PM (#63115286)
    $25k for a zero day of one of the world's most popular phones? Almost insulting. Samsung should add another zero at least.
  • by bjwest ( 14070 ) on Friday December 09, 2022 @12:39AM (#63115730)

    I bought an S22 back in August after my LG G8 started acting up. I was torn between the S22, Pixel 6 or waiting a few of months for the Pixel 7, but I was tired of dealing with the problems that the LG had developed, so I wanted a new phone now. The Pixel 6 was still having reported problems, and I didn't want to purchase the 7 right out of the door in case it did as well, so decided to go with the Samsung S22, whch I purchased unlocked directly from Samsung. My last Samsung was the S4, which I'd kept for five years or so before moving on, and I've had a few Samsung tablets. I never have liked One UI, but deal with it on the tablets, and figured I'd get used to it on the phone, which I have, but still don't care for it.

    After reading about this security issue with Samsung's phones, I'm done with them. Yesterday, I ordered a Pixel 7 direct from Google. They offered me a $600 trade in from my S22, which left the Pixel 7 costing me $155 including tax.

    TLDR: Fuck Samsung.

    • Good for you. Now as soon as you get it, you should install linage or graphene. I run lineage on a bunch of older samsungs, and a nexus4 and love it. Fast and reliable in my experience. I've read credibly good things about graphene, but can't recommend from personal use yet.

      Put wireguard on, connect to your own VPN, and don't forget to encrypt your DNS lookups, and you have the best online privacy you can reasonably achieve.

      I can't say much about the security of the device itself, but I think graphene addr
  • Repeat after me... Samsung can't "do" software.

    They're good at hardware (for sure), they're also quite good at picking features to offer, but every single time... their software sucks.

  • Wait , does this mean there could be a way to install F-Droid and have it do updates itself, without regular rooting?

The truth of a proposition has nothing to do with its credibility. And vice versa.

Working...