Some basic flaws, which should be resolved before a smartphone launches, slip through and remain even in more advanced phones such as the Samsung Galaxy S22. It was precisely such a vulnerability that a team of “good hackers” managed to use to break into Samsung’s top-of-the-line phone during an event.
The event is the Pwn2Own competition, taking place in Toronto, Canada, in which two teams managed to take advantage of separate weaknesses in the phone. The idea is to exploit these “zero-day” flaws, as they are dubbed, not only in smartphones but also in home automation hubs, printers, wireless routers, network-attached storage and smart speakers.
After successfully hacking a device, teams hand all the details to the companies in exchange for rewards, so that the companies can release a patch to fix the issue. This year, the teams can win cash prizes of up to $200,000 for hacking the Google Pixel 6 and Apple iPhone 13 smartphones. In addition, teams can receive a $50,000 bonus if the hacks are executed with kernel-level privileges.
The competition started with the STAR Labs team hacking the Galaxy S22 through improper input validation on their third attempt. Hours later, the Chim team successfully demonstrated another exploit against the phone, performing the same improper input validation attack.
According to the rules of the competition, the first winner on each target receives the full prize money and the devices under test. All other winners receive 50% of the prize package plus competition points.
(updated Dec 08, 2022 at 20:02)