Samsung’s flagship phone, the Galaxy S22, was hacked twice, by two different participants, on day one of the Pwn2Own Toronto 2022 hacking competition. Both participants demonstrated their exploits on the phone by executing an improper input validation attack.
The first team to breach the device was Star Labs, who successfully exploited a zero-day vulnerability on their third attempt. Another contestant, Chim, followed with a similar exploit. The two participants were awarded $50,000 and $25,000, respectively, with five Master of Pwn points each.
Per the contest rules, the phone was running the latest version of Android, and the latest security updates were installed during both attempts.
Pwn2Own Toronto is a hacking competition in which participants target devices such as phones, printers, routers, NAS devices, smart speakers and home automation hubs, among others, from several manufacturers, including Apple, Canon, Google, Mikrotik, Netgear, TP-Link, Lexmark, Synology and HP.
Phones, especially the Google Pixel 6 and iPhone 13, carry the highest rewards, with cash prizes going as high as $200,000. There’s also a $50,000 bonus if the exploits execute with kernel-level privileges.
26 teams have registered for the event to try and exploit the 66 registered targets across all categories. The event has been extended to four days between December 6 and 8. As for the S22, Interrupt Labs hackers will take another jab at the device on day two of the competition.