Hacking contest proves Galaxy S23 isn’t so secure after all

The Samsung Galaxy S23 had a tough first day at Toronto’s Pwn2Own hacking contest. Researchers participating in the event were able to exploit the Samsung flagship smartphone twice.

The first exploit stemmed from an allowed list of inputs outlined by the competition, while the second group was able to exploit the smartphone’s input validation technique. In simpler terms, improper input validation can allow a hacker to dupe an application and execute code or control a resource on the device.

According to the competition’s rules, entrants must “compromise the device by browsing to web content in the default browser for the target under test” or by communicating with the device using NFC, Wi-Fi, or Bluetooth. The device must also be running the latest software version and patches.

While the news might be alarming for Galaxy S23 owners, the competition allows a safe space and prize money for ethical researchers to discover and exploit vulnerabilities in popular devices. Overall, it improves the security of some of the best smartphones and products on the market.

Which other smartphones were pwned?

The Galaxy S23 is one of four phones available to competitors at the event, alongside the Google Pixel 7, iPhone 14, and Xiaomi 13 Pro. While Google and Apple’s flagships left day one unbreached, the same can’t be said for the 13 Pro. The Xiaomi flagship’s security measures fell to two breaches, one from a zero-day bug.

Several additional devices, including smart home equipment, network storage devices, and printers, were also exploited on the first day of this year’s competition.

Notably, the Galaxy S22 running Android 13 was hacked in just 55 seconds during the Toronto edition of the contest last year. Its security was breached four times across the contest’s four-day span.

This year’s Pwn2Own runs until October 27, so expect to hear of new vulnerabilities in several more popular devices this week.