On day three of Pwn2Own, competitors hacked the Samsung Galaxy S22 for the fourth time since the competition began, and this time they did it in just 55 seconds.
Security researchers from penetration testing provider Pentest Limited did so on Thursday by demonstrating a zero-day bug in a successful improper input validation attack against Samsung’s flagship device.
It won them $25,000, or 50% of the total cash prize, as it was the fourth (and final) time the Galaxy S22 was hacked in the Pwn2Own Toronto 2022 contest.
Tri Dang and Toan Pham from Qrious Secure also tried to bypass the smartphone's security protections but failed to demonstrate their exploit within the time allowed for their attempt.
On day one of Pwn2Own Toronto, the STAR Labs team and a security researcher known only as Chim demonstrated two more zero-day exploits in successful attacks targeting the Galaxy S22.
In all four cases, the smartphones were running the latest version of the Android operating system with all available updates installed, according to the contest rules.
Day three of Pwn2Own Toronto ended with Trend Micro’s Zero Day Initiative awarding $253,500 for 14 unique bugs across multiple categories.
Throughout the day, contestants also showcased exploits targeting zero-day flaws in routers, smart speakers, printers, and network-attached storage (NAS) devices from Cisco, NETGEAR, Canon, Ubiquiti, Sonos, Lexmark, Synology and Western Digital.
That brings the total to $934,750 awarded for 60 unique zero days after the first three days of Pwn2Own, according to ZDI Threat Awareness Manager Dustin Childs.
The Pwn2Own Toronto 2022 consumer-focused hacking competition has been extended to four days after 26 individual participants and teams registered to exploit 66 targets, and it runs from December 6-8.
On day four of the competition, entrants will demonstrate new zero-days across multiple consumer device categories, including printers, wireless routers and network storage.