Now that hackers have pointed out the bugs, the manufacturers have to respond quickly.
At the annual Pwn2Own event in Toronto, previously unknown security vulnerabilities in the current Android flagships Samsung Galaxy S23 and Xiaomi 13 Pro were recently revealed. As the organizers at the Zero Day Initiative reported, participating security researchers were able to successfully hack the smartphones and received a total of six figures in prize money.
The Samsung Galaxy S23 has been in particular focus since the beginning of the year. Here, the Star Labs SG team managed to exploit a vulnerability in input validation and thus compromise the device. For this they received $25,000.
Group Pentest Ltd found another vulnerability in input validation and used it for a successful hack, winning $50,000. Team Orca was awarded $6,250 by C Security because they were able to exploit an already known bug.
The competitor Xiaomi 13 Pro also proved to be weak. Vietnamese team Viettel managed to hack Xiaomi smartphones using only one exploit, which was rewarded with $40,000. NCC Group experts found another loophole in Xiaomi’s software and received a $20,000 bonus.
To be fair, it should also be noted that some hackers had to abandon their efforts or did not succeed within the allotted time of the competition.
The discovered security gaps are particularly explosive because they were previously unknown to the manufacturers or other experts, which is why they are referred to as zero-day exploits. Samsung and Xiaomi will now provide security updates within 90 days to protect their users.
Hacking contests like this show time and time again that absolute security is an illusion. Even the latest smartphones from market leaders like Samsung and emerging providers like Xiaomi are not immune to clever attacks. Organizers of the Pwn2Own series want to inspire manufacturers to invest more resources in securing their devices. The event is co-sponsored by network storage specialist Synology and Google.