On the first day of the Pwn2Own event this year, contestants successfully hacked the Samsung Galaxy S22 device twice for a total reward of $75,000 and some Master of Pwn points.
They demonstrated exploits against the device's input validation, even though it's running the latest Android OS with all updates installed. The device will be put up for hacking again on the second day of the event to find more exploits.
Validation Exploits in Galaxy S22
For those unfamiliar, Pwn2Own is an annual consumer-focused event that lets anyone hack the devices of popular OEMs for rewards. The four-day event this year started with two contestants hacking the Samsung Galaxy S22 device for both monetary rewards and Master of Pwn points.
The first of them, the STAR Labs team, leveraged a zero-day exploit in the Galaxy S22 to execute their improper input validation attack, earning $50,000 and 5 Master of Pwn points.
STAR Labs was able to execute their improper input validation attack on their 3rd try against the Samsung Galaxy S22. They earn $50K and 5 Master of Pwn points. #P2OToronto #Pwn2Own
The team got a great video of the exploit attempt: https://t.co/69It9QBOy2 pic.twitter.com/20WyVDuV5b
— Zero Day Initiative (@thezdi) December 6, 2022
The next one is Chim, who also demoed a successful exploit targeting the Galaxy S22 validation, earning him $25,000 (50% of the prize for the second round of targeting the same device) and 5 Master of Pwn points.
Sweet calc action! #Pwn2Own #P2OToronto pic.twitter.com/3Fbi3SZE7h
— Zero Day Initiative (@thezdi) December 6, 2022
This was done on a device that was running the latest Android OS with all the updates installed. The same Galaxy S22 will once again be put up for hacking on the second day of the event, this time by the vulnerability research firm Interrupt Labs.
Besides this, other contestants have exploited zero-day bugs in printers and routers from multiple OEMs like Canon, Mikrotik, NETGEAR, TP-Link, Lexmark, Synology, and HP. Throughout the event, we shall see more people and teams hitting several bugs to showcase how insecure these devices are and earn rewards.
The highest rewards can be earned in the mobile phone category, where the cash prizes range up to $200,000 for hitting devices like Pixel 6 and iPhone 13 smartphones. Apart from regular rewards, successful contestants will also earn a $50,000 bonus if their exploits involve kernel-level privileges.