The Galaxy S23 had a difficult first day at the Pwn2Own hacking competition in Toronto (Canada), where researchers participating in the event were able to exploit bugs in Samsung's flagship smartphone.
According to Android Authority, the first group exploited a vulnerability in the list of allowed inputs on the Galaxy S23, while the second group exploited a flaw in the phone's input validation. In simpler terms, improper input validation could allow hackers to spoof the app and execute code or control resources on the device.
According to the contest rules, participants must “compromise the device by browsing web content in the default browser for the target being tested”, or by communicating with the device using NFC, Wi-Fi, or Bluetooth. The device must also be running the latest software version and patches.
While this news may be alarming for Galaxy S23 owners, the contest provides a safe space and rewards for security researchers to discover and exploit vulnerabilities in popular devices. From there, companies can understand the problems and find ways to fix the security of their devices.
The Galaxy S23 is one of four phones available to researchers participating in the competition, alongside the Google Pixel 7, iPhone 14, and Xiaomi 13 Pro. A number of other devices, including smart home devices, network storage devices, and printers, were also exploited on the first day of this year's competition.
Notably, at last year's Pwn2Own contest, the Galaxy S22 running Android 13 was also hacked after just 55 seconds. During the four days of the competition, the Galaxy S22's security measures were exploited four times. This year's Pwn2Own contest lasts until October 27, so more vulnerabilities in popular devices may also appear.