The Samsung Galaxy S22 is one of the best Android phones you can buy, but it is not without flaws, as demonstrated by the participants of this year’s Pwn2Own hacking competition.
During the four-day event held in Toronto, the Korean hardware giant’s flagship smartphone was hacked by several attendees, and two even managed to find zero-day vulnerabilities and exploit them. However, on day three of Pwn2Own 2022, security researchers managed to hack the Galaxy S22 in under a minute.
As reported by BleepingComputer, security researchers from Pentest Limited showed a demo of a zero-day flaw for the Galaxy S22 that used a faulty input validation attack to gain access to the device in just 55 seconds. Since Pwn2Own is a hacking contest sponsored by the Zero Day Initiative at Trend Micro, the security researchers were awarded five points and took home a prize of $25,000.
It’s worth noting that all the Galaxy S22 smartphones hacked at Pwn2Own were running Android 13 with all the latest updates from Samsung installed, as part of the rules of the competition.
Samsung Galaxy S22 zero days
While Pwn2Own ended with a bang with the Galaxy S22 hacked in 55 seconds, it was actually hacked on four separate occasions during the competition.
In fact, during the first day of the competition, two zero-day vulnerabilities were discovered on the device and successfully exploited by the participants. For those unfamiliar, a zero-day is a type of vulnerability that was previously unknown to a device’s creator and for which a patch is not yet available.
The STAR Labs team found and exploited the first zero-day bug on the Galaxy S22 by performing a faulty input validation attack that earned them $50,000 and 5 points. Another participant named Chim found another zero-day and demonstrated a successful exploit to earn $25,000 and 5 points.
Should you be worried?
If you own a Samsung Galaxy S22, the news that your phone was hacked in less than a minute may have you worried about your device and the data stored on it. However, you shouldn’t be.
Hacking contests like Pwn2Own are designed to give security researchers and ethical hackers an opportunity to showcase their skills, but they also benefit the companies whose devices are hacked. If a cybercriminal discovered the zero-days discussed above, there would be cause for concern as they could use them in attacks before Samsung has a chance to patch them. But in this case, Samsung and other vendors are well aware of what’s going on at Pwn2Own, and their engineers are probably working on fixing these issues right now.
Samsung wasn’t the only device manufacturer whose products were hacked at Pwn2Own, as Network Attached Storage (NAS) devices, routers, smart speakers and printers from Cisco, Netgear, Canon, Ubiquiti, Sonos, Lexmark, Synology and Western Digital were also compromised and exploited during the competition.
If you want a little extra security for your Samsung Galaxy S22, you can always install one of the best Android antivirus apps, which can detect malware online and ensure it does not infect your smartphone.