On the first day of Pwn2Own Toronto, two contestants have compete for a $75,000 prize money for successfully exploiting an input validation bug on Samsung’s Galaxy S22 device.
They did this when the concerned device is running on the latest Android OS, with all necessary updates installed. Other contestants have hit several zero-day bugs in printers and routers, earning their own respective rewards.
A Zero-Day Bug on Galaxy S22 Device
The four-day event of Pwn2Own 2022 started with the hacks of Samsung Galaxy S22, where two contestants hit an input validation bug on the Galaxy S22 device, which earned them combined rewards of $75,000.
The first among them is STAR Labs, where they demoed the exploitation of a zero-day bug in Samsung’s flagship device by executing their improper input validation attack – effectively earning $50,000 and 5 Master of Pwn points.
STAR Labs was able to execute their improper input validation attack on their 3rd try against the Samsung Galaxy S22. They earn $50K and 5 Master of Pwn points. #P2OToronto #Pwn2Own
The team got a great video of the exploit attempt: https://t.co/69It9QBOy2 pic.twitter.com/20WyVDuV5b
— Zero Day Initiative (@thezdi) December 6, 2022
This was followed by Chim, another contestant who had hit the same device in the same way and earned $25,000 (50% of the prize for the second round of targeting the same device) and 5 Master of Pwn points.
Sweet calc action! #Pwn2Own #P2OToronto pic.twitter.com/3Fbi3SZE7h
— Zero Day Initiative (@thezdi) December 6, 2022
This is intriguing, as the subject device is running on the latest Android OS with all necessary updates installed – yet failed to secure itself. Well, this device will once again go under testing by another team – Interrupt Labs tomorrow for surfacing new bugs and rewards.
Other contestants showcased exploits targeting zero-day bugs in printers and routers from various OEMs like Canon, Mikrotik, NETGEAR, TP-Link, Lexmark, Synology, and HP.
This year’s event in Toronto has a total of 26 teams and contestants, exploiting 66 targets across all categories. The highest reward one can get is upto $200,000 – available in the mobile phone category and rewarded for hitting premium phones like The Google Pixel 6 and Apple iPhone 13.
Other Trending News:- News
