Competitors in the annual Pwn20wn hacking competition hacked the Samsung Galaxy S22 for the fourth time since the start of the competition, but this time in just 55 seconds.
Security researchers representing penetration testing provider Pentest Limited succeeded in this measure after exploiting a vulnerability exposed in the implementation of the attack known as Improper Input Validation against the Galaxy S22 phone.
This success earned them $25000 as this was the fourth and last time the Galaxy S22 was hacked during the Pwn20wn Toronto 2022 contest.
Researchers Tri Dang and Ton Pham of Qrious Secure also attempted to bypass smartphone security but failed to prove that they could exploit the vulnerabilities during the allotted time for their attempt.
On the first day of the competition, the STAR Labs team and a security researcher known only as Chim tried exploiting other exposed vulnerabilities in successful attacks targeting Samsung’s flagship phone.
In all four cases, the smartphones were running the latest version of the Android operating system with all available updates installed, as per the competition rules.
Day three of Pwn2Own Toronto 2022 concluded with the Zero Day Initiative from information security company, Trend Micro, which awarded $253,500 for 14 unique vulnerabilities across multiple categories.
On Day 3, the competitors demonstrated exploits for exposed vulnerabilities targeting routers, smart speakers, printers, and NAS devices from companies such as Cisco, NETGEAR, Canon, Ubiquiti, Sonos, Lexmark, Synology, and Western Digital.
The total cash rewards were $934,750 for the discovery of 60 uniquely exposed vulnerabilities after the first three days of the contest.
The hacking competition Pwn20wn Toronto 2022, which is usually held for 3 days, saw an extension for a fourth day after 26 competitors and teams signed up to offer to exploit 66 targets.