Samsung Galaxy phones are some of the most secure mobile devices out there. However, as a Pwn2Own participant recently showed, they aren’t completely foolproof. An elite hacker participating in the ongoing hacking event in Ireland breached Samsung’s defenses by exploiting various vulnerabilities in the Galaxy S24. They hacked the latest flagship to take home a cash prize of $50,000 cash prize and 5 Master of Pwn points.
Galaxy S24 hacked at the Pwn2Own ethical hacking event
Pwn2Own is a biannual computer hacking competition that invites security researchers from around the world to test the defenses of widely used electronic devices. The event sees ethical hackers discovering and exploiting vulnerabilities in popular smartphones, security cameras, and other devices. Participants earn cash prizes for each successful hack, with the amount determined by the severity of the vulnerability and other factors.
At the ongoing Pwn2Own 2024 event in Ireland, professional ethical hacker Ken Gannon from NCC Group managed to hack the Galaxy S24 using five separate vulnerabilities. The hacker discovered a path traversal exploit, allowing them to gain shell access and install an app on the device. A successful hack of the latest Samsung flagship earned the hacker a handsome reward, the highest individual award on Day 2 of the event.
As a standard practice, details of the bugs used to compromise the Galaxy S24 were kept confidential. Only the Pwn2Own organizers and Samsung can access the vulnerability details. The company has 90 days to address these vulnerabilities and release a fix before the exploited bugs are made public. This is a standard practice at all ethical hacking events. The grace period allows companies to work on the fixes to prevent potential abuse.
The latest Pwn2Own edition also saw many other devices hacked by security researchers. On Day 1, Sina Kheirkhah won $100,000 in cash and 10 Master of Pwn points for hacking a router. They exploited nine bugs to successfully move from the QNAP QHora-322 router to the TrueNAS Mini X. Pwn2Own Ireland 2024 concludes later today, October 25. We will let you know if hackers manage to breach any other Galaxy device.
