Samsung Galaxy S23 hacked two more times at Pwn2Own Toronto

Security researchers hacked the Samsung Galaxy S23 smartphone two more times on the second day of the Pwn2Own 2023 hacking competition in Toronto, Canada. The contestants also demoed zero-day bugs in printers, routers, smart speakers, surveillance systems, and NAS devices from Canon, Synology, Sonos, TP-Link, QNAP, Wyze, Lexmark, and HP. Interrupt Labs security researchers were the first to demo a Samsung Galaxy S23 zero-day in an improper input validation attack, while the ToChim team exploited a permissive list of allowed inputs to hack Samsun's flagship. "While only the first demonstration in a category wins the full cash award, each successful entry claims the full number of Master of Pwn points," the organizers explain. On the first day of Pwn2Own Toronto, Pentest Limited and STAR Labs SG team demoed two other zero-days in attacks exploiting improper input validation weakness and a permissive list of allowed inputs. In all four cases, the device ran the latest version of the Android operating system with all security updates installed, according to the contest rules. On the second day of Pwn2Own Toronto 2023, Trend Micro's Zero Day Initiative awarded $352,500 for over a dozen zero days and multiple bug collisions across various categories. This brings the first two days of Pwn2Own total to $791,250 awarded for 39 unique zero-days. In the Pwn2Own Toronto 2023 hacking event organized by Trend Micro's Zero Day Initiative, participants have the opportunity to target a wide range of devices, including mobile phones such as the Apple iPhone 14, Google Pixel 7, Samsung Galaxy S23, and Xiaomi 13 Pro. Printers, wireless routers, network-attached storage devices, home automation hubs, surveillance systems, smart speakers, and Google's Pixel Watch and Chromecast devices are also on the list, all up-to-date and in their default configurations. The event offers substantial rewards for zero-day vulnerabilities in mobile phones, with prizes reaching up to $300,000 for hacking the iPhone 14 and $250,000 for the Pixel 7. In all, contestants can win over $1,000,000 in cash prizes throughout the competition. Notably, successful exploitation of Google and Apple devices also earns a $50,000 bonus if exploit payloads execute with kernel-level privilege. The results for each challenge, including those from Pwn2Own Toronto 2023's first day, are available on this page. On the third day of the contest, the Samsung Galaxy S23 will once again targeted by Team Orca of Sea Security. At the Pwn2Own Vancouver 2023 competition held in March, contestants were awarded $1,035,000 in cash prizes and a Tesla Model 3 car for 27 zero-day vulnerabilities and several bug collisions. Samsung Galaxy S23 hacked twice on first day of Pwn2Own Toronto. European govt email servers hacked using Roundcube zero-day. Hackers update Cisco IOS XE backdoor to hide infected devices. Cisco patches IOS XE zero-days used to hack over 50,000 devices. Over 40,000 Cisco IOS XE devices infected with backdoor using zero-day.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to Samsung Galaxy S23 hacked two more times at Pwn2Own Toronto

Samsung Galaxy S23 hacked two more times at Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 smartphone two more times on the second day of the Pwn2Own 2023 hacking competition in Toronto, Canada. The contestants also demoed zero-day bugs in printers, routers, smart speakers, surveillance ...
1 year ago Bleepingcomputer.com
Hackers earn over $1 million for 58 zero-days at Pwn2Own Toronto - The Pwn2Own Toronto 2023 hacking competition has ended with security researchers earning $1,038,500 for 58 zero-day exploits targeting consumer products between October 24 and October 27. During the Pwn2Own Toronto 2023 hacking event organized by ...
1 year ago Bleepingcomputer.com
Samsung Galaxy S23 hacked twice on first day of Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada. They also demoed exploits and vulnerability chains targeting zero-days in Xiaomi's 13 Pro ...
1 year ago Bleepingcomputer.com
Pwn2Own Automotive: $1.3M for 49 zero-days, Tesla hacked twice - The first edition of Pwn2Own Automotive has ended with competitors earning $1,323,750 for hacking Tesla twice and demoing 49 zero-day bugs in multiple electric car systems between January 24 and January 26. Throughout the contest organized by Trend ...
10 months ago Bleepingcomputer.com
Nigerian Police dismantle cybercrime recruitment, mentoring hub - The Nigerian Police Form has arrested six suspects and dismantled a mentoring hub linked to cybercrime activities, including business email compromise, romance, and investment scams. After receiving intelligence and investigating a group of ...
1 year ago Bleepingcomputer.com
CVE-2023-38297 - An issue was discovered in a third-party com.factory.mmigroup component, shipped on devices from multiple device manufacturers. Certain software builds for various Android devices contain a vulnerable pre-installed app with a package name of ...
7 months ago
Protecting Your Device from Unwanted App Installations: An Overview of Samsung Galaxy Store Flaws - As more and more devices become connected to the internet, it's important to be aware of the security measures we should take to protect our data and digital identities. Smartphones and other mobile devices can be particularly vulnerable targets, due ...
1 year ago Securityweek.com
Dutch hacker jailed for extortion, selling stolen data on RaidForums - A former Dutch cybersecurity professional was sentenced to four years in prison after being found guilty of hacking and blackmailing more than a dozen companies in the Netherlands and worldwide. The suspect, a 21-year-old man from Zandvoort named ...
1 year ago Bleepingcomputer.com
VMware Patches Vulnerabilities Exploited at Pwn2Own 2024 - Broadcom-owned VMware on Tuesday published a security advisory to inform Workstation and Fusion customers that patches are available for vulnerabilities exploited earlier this year at the Pwn2Own hacking competition. It's worth noting that VMware ...
6 months ago Securityweek.com
Samsung hit by new data breach impacting UK store customers - Samsung Electronics is notifying some of its customers of a data breach that exposed their personal information to an unauthorized individual. The company says that the cyberattack impacted only customers who made purchases from the Samsung UK online ...
1 year ago Bleepingcomputer.com
VMware fixes three zero-day bugs exploited at Pwn2Own 2024 - VMware fixed four security vulnerabilities in the Workstation and Fusion desktop hypervisors, including three zero-days exploited during the Pwn2Own Vancouver 2024 hacking contest. The most severe flaw patched today is CVE-2024-22267, a ...
6 months ago Bleepingcomputer.com
Samsung Galaxy App Store Vulnerabilities: Exploits Released and What These Mean For Users - Exploits have recently been released for two Samsung Galaxy App Store vulnerabilities, representing a major security risk for users of the smartphone. The first vulnerability is in the Galaxy App Store where malicious app developers can bypass ...
1 year ago Bleepingcomputer.com
Toronto Zoo says it remains open after ransomware attack - The Toronto Zoo said Monday evening that it was responding to a ransomware attack detected on January 5. The organization said its staff immediately began an investigation into the incident once it was discovered. The zoo welcomes more than 1.2 ...
10 months ago Therecord.media
Samsung Galaxy Store App Found Vulnerable to Hackers - Security researchers have found that the Samsung Galaxy Store app is vulnerable to hackers, putting millions of users at risk of data theft and cyber attacks. According to researchers from the Security Research Center at Michigan University, the app ...
1 year ago Thehackernews.com
Toronto Zoo: Ransomware attack had no impact on animal wellbeing - Toronto Zoo, the largest zoo in Canada, says that a ransomware attack that hit its systems on early Friday had no impact on the animals, its website, or its day-to-day operations. The zoo said it doesn't store any credit card information and is also ...
10 months ago Bleepingcomputer.com
US SEC's X account hacked to announce fake Bitcoin ETF approval - The X account for the U.S. Securities and Exchange Commission was hacked today to issue a fake announcement on the approval of Bitcoin ETFs on security exchanges. The announcement came this afternoon in a now-deleted tweet from the SEC's hacked X ...
10 months ago Bleepingcomputer.com
Security Flaws Found in Samsung's Galaxy Store for Android - Recent developments in the tech industry have jolted the world – smartphones, more so. In addition to boosting user convenience, these mini-computers have also made life easier for predators looking to exploit security loopholes. Therefore, it is ...
1 year ago Heimdalsecurity.com
49 unique zero-days Uncovered in Pwn2Own Automotive - On the final day of Pwn2Own Automotive 2024 - Day 3, researchers were granted $1,323,750 in rewards for identifying 49 distinct zero-days. Particularly, the infotainment system and modem of Tesla were attacked by the Synacktiv team, and each ...
10 months ago Cybersecuritynews.com
CVE-2018-7907 - Some Huawei products Agassi-L09 AGS-L09C100B257CUSTC100D001, AGS-L09C170B253CUSTC170D001, AGS-L09C199B251CUSTC199D001, AGS-L09C229B003CUSTC229D001, Agassi-W09 AGS-W09C100B257CUSTC100D001, AGS-W09C128B252CUSTC128D001, AGS-W09C170B252CUSTC170D001, ...
6 years ago
Toronto Public Library outages caused by Black Basta ransomware attack - The Toronto Public Library is experiencing ongoing technical outages due to a Black Basta ransomware attack. The Toronto Public Library is Canada's largest public library system, giving access to 12 million books through 100 branch libraries across ...
1 year ago Bleepingcomputer.com
CVE-2020-9239 - Huawei smartphones BLA-A09 versions 8.0.0.123(C212),versions earlier than 8.0.0.123(C567),versions earlier than 8.0.0.123(C797);BLA-TL00B versions earlier than 8.1.0.326(C01);Berkeley-L09 versions earlier than 8.0.0.163(C10),versions earlier than ...
3 years ago
Samsung Galaxy Store Flaws Put Millions of Devices Vulnerable - Researchers have discovered severe security flaws in the Samsung Galaxy Store application. These vulnerabilities put millions of users, including those who use Samsung phones, tablets, smart TVs, and wearables, at risk of cyberattacks. The security ...
1 year ago Securityaffairs.com
Apple fixes Safari WebKit zero-day flaw exploited at Pwn2Own - Apple has released security updates to fix a zero-day vulnerability in the Safari web browser exploited during this year's Pwn2Own Vancouver hacking competition. The company addressed the security flaw on systems running macOS Monterey and macOS ...
6 months ago Bleepingcomputer.com
Cyber Insights 2023: Cyberinsurance - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. In 2022, Russia invaded Ukraine with the potential for more serious and more ...
1 year ago Securityweek.com
Samsung Galaxy gets new Auto Blocker anti-malware feature - Samsung has unveiled a new security feature called 'Auto Blocker' as part of the One UI 6 update, offering enhanced malware protection on Galaxy devices. Auto Blocker is an opt-in security feature that prevents the side-loading of risky apps ...
1 year ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)