Samsung Galaxy S23 hacked twice on first day of Pwn2Own Toronto

From bleepingcomputer.com

Security researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada.

They also demoed exploits and vulnerability chains targeting zero-days in Xiaomi’s 13 Pro smartphone, as well as printers, smart speakers, Network Attached Storage (NAS) devices, and surveillance cameras from Western Digital, QNAP, Synology, Canon, Lexmark, and Sonos.

Pentest Limited was the first to demo a zero-day on Samsung’s flagship Galaxy S23 device by exploiting an improper input validation weakness to gain code execution, earning $50,000 and 5 Master of Pwn points.

The STAR Labs SG team also exploited a permissive list of allowed inputs to hack a Samsung Galaxy S23, earning $25,000 (half prize for the second round of targeting the same device) and 5 Master of Pwn points.
