Ryan Haines / Android Authority
TL;DR
- An annual hacking event called Pwn2Own was held in Austin, TX.
- Two teams of elite hackers were able to find two separate zero-day exploits.
- Samsung has yet to comment on the successful exploits.
Although Samsung has started rolling out its December security patch, its Galaxy S22 series has yet to receive the update. Whenever the company does decide to push the update out to the S22, it may be quickly followed by another update due to two recently discovered zero-day hacks.
As reported by Forbes, the Galaxy S22 has been compromised by two separate zero-day hacks — a vulnerability that’s been found before the vendor knows about it. The exploits were discovered by two elite hacking teams participating in this year’s Pwn2Own event.
If you’re unfamiliar with Pwn2Own, it’s an annual event that holds a competition where hackers compete against each other. Last year, the event hacked the Galaxy S21 twice in a matter of 48 hours. This year, however, the competitors managed to hack the Galaxy S22 running on the latest operating system and firmware twice in one day.
The STAR Labs team managed to do what’s known as an improper input validation attack on the S22. Only hours later, the Chim team found its own improper input validation attack.
While this may sound like terrible news, it isn’t all bad. Because of this competition, Samsung has an opportunity to implement a fix to these exploits before they can be found and leveraged by bad actors.
According to Forbes, they have reached out to Samsung for a comment regarding the exploits and a timetable for a patch. At the time of this writing, it appears the tech giant has yet to put out a statement.
