Participants hacked the Samsung Galaxy S22 smartphone twice during the first day of the Pwn2Own Toronto 2022 hacking contest, the 10th edition of the consumer-focused event.
The STAR Labs team was the first to successfully exploit a zero-day on Samsung’s flagship device, carrying out an improper input validation attack on their third attempt and earning $50,000 and 5 Master of Pwn points.
Another competitor, Chim, also demonstrated a successful exploit targeting the Samsung Galaxy S22, executing an improper input validation attack and earning $25,000 (50% of the prize for the second round targeting the same device) and 5 Master of Pwn points.
“The first winner on each target will receive the full cash prize and tested devices,” the contest organizers said.
“For the second and subsequent rounds on each target, all other winners will receive 50% of the prize, but they will still earn full Master of Pwn points.”
According to the contest rules, in both cases the Galaxy S22 devices were running the latest version of the Android operating system with all available updates installed.
During this first day of the competition, participants also successfully demonstrated exploits targeting zero-day bugs in printers and routers from multiple vendors, including Canon, Mikrotik, NETGEAR, TP-Link, Lexmark, Synology, and HP.
Contest extended to four days
At Pwn2Own Toronto, security researchers can target cell phones, home automation hubs, printers, wireless routers, network storage, smart speakers and other devices, all up to date and in their default configuration.
They can win the highest rewards in the mobile phone category, with cash prizes of up to $200,000 for hacking Google Pixel 6 and Apple iPhone 13 smartphones.
Hacking Google and Apple devices can also earn bonuses of $50,000 if the exploits run with kernel-level privileges, bringing the maximum reward for a single challenge to a total of $250,000 for a full exploit chain with kernel-level access.
Pwn2Own Toronto’s consumer-focused event has been extended to four days (between December 6-8) after 26 teams and competitors registered to exploit 66 targets across all categories.
On the second day of the contest, the Samsung Galaxy S22 will again be put to the test by hackers from vulnerability research firm Interrupt Labs.