Security researchers hacked the Samsung Galaxy S23 smartphone two more times on the second day of the Pwn2Own 2023 hacking competition in Toronto, Canada. The contestants also demoed zero-day bugs in printers, routers, smart speakers, surveillance systems, and NAS devices from Canon, Synology, Sonos, TP-Link, QNAP, Wyze, Lexmark, and HP.

Interrupt Labs security researchers were the first to demo a Samsung Galaxy S23 zero-day in an improper input validation attack, while the ToChim team exploited a permissive list of allowed inputs to hack Samsung's flagship. "While only the first demonstration in a category wins the full cash award, each successful entry claims the full number of Master of Pwn points," the organizers explain.

On the first day of Pwn2Own Toronto, the Pentest Limited and STAR Labs SG teams demoed two other zero-days in attacks exploiting an improper input validation weakness and a permissive list of allowed inputs. In all four cases, the device ran the latest version of the Android operating system with all security updates installed, according to the contest rules.

On the second day of Pwn2Own Toronto 2023, Trend Micro's Zero Day Initiative awarded $352,500 for over a dozen zero-days and multiple bug collisions across various categories. This brings the total for the first two days of Pwn2Own to $791,250 awarded for 39 unique zero-days.

In the Pwn2Own Toronto 2023 hacking event organized by Trend Micro's Zero Day Initiative, participants have the opportunity to target a wide range of devices, including mobile phones such as the Apple iPhone 14, Google Pixel 7, Samsung Galaxy S23, and Xiaomi 13 Pro. Printers, wireless routers, network-attached storage devices, home automation hubs, surveillance systems, smart speakers, and Google's Pixel Watch and Chromecast devices are also on the list, all up-to-date and in their default configurations.
The event offers substantial rewards for zero-day vulnerabilities in mobile phones, with prizes reaching up to $300,000 for hacking the iPhone 14 and $250,000 for the Pixel 7. In all, contestants can win over $1,000,000 in cash prizes throughout the competition. Notably, successful exploitation of Google and Apple devices also earns a $50,000 bonus if exploit payloads execute with kernel-level privilege.

The results for each challenge, including those from Pwn2Own Toronto 2023's first day, are available on this page. On the third day of the contest, the Samsung Galaxy S23 will once again be targeted by Team Orca of Sea Security.

At the Pwn2Own Vancouver 2023 competition held in March, contestants were awarded $1,035,000 in cash prizes and a Tesla Model 3 car for 27 zero-day vulnerabilities and several bug collisions.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000