Hackers Slaughter Samsung's Galaxy S22 On First Day Of Pwn2Own Competition
Threat actors, particularly advanced persistent threat (APT) groups, are always on the lookout for new zero-day vulnerabilities to exploit. Zero-day vulnerabilities pose an acute security threat because they are flaws discovered before vendors develop and release patches to fix them. Some cybersecurity researchers attempt to discover these vulnerabilities and report them to the appropriate vendors before they are exploited in the wild. Since 2007, the Zero Day Initiative has been incentivizing researchers and hackers to demonstrate exploits for zero-day vulnerabilities by distributing cash prizes in the Pwn2Own competition.
Pwn2Own Toronto 2022 kicked off yesterday, and two different teams have already successfully exploited vulnerabilities in the Samsung Galaxy S22. Team STAR Labs opened on Tuesday by executing an improper input validation attack against a Galaxy S22 on the team’s third try. This achievement marked the first successful exploit targeting a Galaxy S22, winning STAR Labs $50,000. Team Chim followed this performance by successfully conducting a second improper input validation attack on a Galaxy S22 for a reward of $25,000. Three more teams are slated to attempt exploits on the Samsung Galaxy S22 later in the competition.
However, Samsung devices aren’t the only targets to have been pwned so far. Canon, Lexmark, and HP printers, as well as a collection of TP-Link, Synology, NETGEAR, and MikroTik routers, have all been targets of successful exploits in this week’s competition. Two different teams also pulled off attacks on Sonos smart speakers today. With a total of twenty-six contestants working to exploit sixty-six targets across four days, some devices are sure to undergo some misuse and abuse during Pwn2Own Toronto 2022.