Despite its reputation for robust Android security, the Samsung Galaxy S23 faced unexpected challenges at a recent cybersecurity event, and the notion that Android phones are fully safeguarded was put to the test.
The Pwn2Own Toronto 2023 event, organized by the Zero Day Initiative, showed that leading brands like Samsung and Xiaomi aren't immune to sophisticated breaches, with several zero-day vulnerabilities coming to light.
A zero-day is a technical flaw in a software or hardware system that remains unknown to those who should be interested in its mitigation, like developers or security professionals.
The Zero Day Initiative, through events like Pwn2Own, incentivizes the cybersecurity community to identify and report these vulnerabilities in a responsible manner. They offer monetary compensation for such discoveries.
On the inaugural day of the Pwn2Own Toronto 2023 event, security experts unveiled not one, but two zero-day vulnerabilities specific to the Samsung Galaxy S23.
These vulnerabilities weren't just academic; they were exploited against the device in live demonstrations at the event. It's worth noting that before this revelation, neither Samsung nor Google was aware of these vulnerabilities.
Star Labs SG successfully identified a vulnerability within the Samsung Galaxy S23, which earned them a reward of $25,000 and 5 Master of Pwn points. Another significant discovery by Pentest Limited, centered on the Galaxy S23, earned a reward of $50,000 and an additional 5 Master of Pwn points.
It's expected that Samsung will address these vulnerabilities with a Samsung patch in the near future. However, until then, the specific exploit methods will remain confidential.
The Xiaomi 13 Pro wasn’t left behind either. Team Viettel demonstrated a successful breach of the Xiaomi 13 Pro, netting them $40,000.
Similarly, NCC Group identified a different zero-day vulnerability on the same model, earning them $20,000. Given the circumstances, a Xiaomi patch is anticipated.
All of the aforementioned discoveries took place on just the first day of the Pwn2Own Toronto 2023 event. With the event stretching until October 27, it's plausible that more zero-day vulnerabilities might come to light.
It serves as a reminder that while smartphone security has come a long way, the journey to absolute security is far from over.