Those were the best of times. It was a bad time for Samsung. Over his four days till October 27th, Samsung Galaxy S23 was successfully hacked by an elite security researcher using a zero-day exploit. four times. iPhone 14 and Pixel 7 were left unharmed. However, it’s not all bad news, as the zero-day exploit has been handed over to Samsung for fixing. Samsung has 120 days to publicly disclose the exploit.
Who hacked the Samsung Galaxy S23?
The deletion of the Samsung S23 smartphone occurred during Pwn2Own, an annual hacking event hosted by Trend Micro’s Zero Day Initiative. The consumer event was held from October 24th to 27th in Toronto, Canada. The participating hackers targeted four smartphones, but only successfully exploited the Samsung Galaxy S23 and Xiaomi 13 Pro. Apple iPhone 14 and Google Pixel 7 remained undefeated.
Regarding the Samsung Galaxy S23, hackers from Pentest Limited, STAR Labs SG, Interrupt Labs, and ToChim all successfully executed zero-day exploits against the device over the course of the four-day competition.
In fact, the fifth successful Samsung Galaxy S23 hack by Sea Security’s Team Orca used a known exploit.
Meanwhile, researchers from NCC Group and Team Viettel also successfully executed a zero-day exploit on Xiaomi 13 Pro smartphones.
What zero-day exploit was used to hack the Samsung Galaxy S23?
As previously mentioned, the full technical details of the successful zero-day exploit will not be made public until Samsung has had a chance to distribute a patch that fixes the vulnerability. ZDI has given vendors a 120-day grace period to create and distribute such patches.Meanwhile, ZDI is very Overview of X exploit typesformerly known as Twitter.
Pentest Limited ran an improper input validation exploit, STAR Labs SG abused the allowed list of allowed inputs as did the ToChim team, and Interrupt Labs used an improper input validation exploit.
How much money did the Pwn2Own hacker make?
The four hacker teams involved in the Samsung Galaxy S23 exploit earned a total of $125,000 by demonstrating their zero-day attack live on stage. Although the fifth team did not use the zero-day exploit, he was still awarded a $6,250 bounty.
The hacking team won a whopping $1,038,500 in total prize money across the four days of Pwn2Own 2023. This was a good week for hackers and consumers alike, as a total of 58 zero-days were demonstrated and handed over to relevant vendors. These exploits are more likely to be discovered by those who hand them over for modification than to be discovered by those who seek to exploit them against us for criminal gain or in government-sponsored espionage. is much better.
These 58 zero-days affected printers, routers, security cameras, and network-attached storage devices, among other consumer devices. A complete list of successful exploits can be found here: ZDI Pwn2Own Blog.
I have asked Samsung for a statement and will update this article if it is announced.