© Shutterstock ZeroThe Samsung Galaxy S22 is one of the best Android phones you can buy, but it's not without its flaws, as the nominees for this year's Pwn2Own hacking contest have shown.
During the four-day event in Toronto, the Korean hardware giant's flagship smartphone was hacked by several competitors, two of which even managed to find and successfully exploit a zero-day vulnerability. However, on the third day of Pwn2Own 2022, security researchers managed to jailbreak the Galaxy S22 in less than a minute.
As Bleeping Computer reports, security researchers at Pentest Ltd have demonstrated a Galaxy S22 zero-day bug that uses a malicious login authentication attack to gain access to the device in just 55 seconds. As Pwn2Own is a hacking contest sponsored by Trend Micro's Zero Day Initiative, security researchers received five points and won a $25,000 prize.
It is worth noting that all the Galaxy S22 smartphones jailbroken on Pwn2Own were running Android 13 with all the latest Samsung updates as part of the contest rules.
Samsung Galaxy S22 Day Zero
While Pwn2Own was able to jailbreak the Galaxy S22 in 55 seconds, it was jailbroken four times during the competition.
In fact, on the first day of the competition, two device zero vulnerabilities were discovered and successfully exploited by competitors. For those unfamiliar, a zero-day is a type of vulnerability that was previously unknown to the device manufacturer and for which there is still no patch.
The STAR Labs team found and exploited the Galaxy S22's first null bug with an invalid input validation attack, earning them $50,000 and 5 points. Another contestant named Chim found another zero day and delivered a successful performance earning $25,000 and 5 points.
Should we be worried?
If you own a Samsung Galaxy S22, the news that your phone has been jailbroken in less than a minute may have you worried about your device and the data stored on it. However, you don't have to be.
Hacking competitions like Pwn2Own are designed to give security researchers and ethical hackers an opportunity to showcase their skills, as well as to benefit the companies whose devices are being hacked. If a cybercriminal discovered the zero days described above, it would be problematic because they could use them to launch attacks until Samsung had a chance to fix them. In this case, however, Samsung and other providers know what's going on with Pwn2Own, and their engineers are likely working to fix these issues right now.
Samsung isn't the only hardware manufacturer whose products were hacked in Pwn2Own, including Cisco, Netgear, Canon, Ubiquity, Sonos, Lexmark, Synology and Western Digital devices, routers, smart speakers and network-attached storage (NAS) printers. Compromised and exploited during inclusive competition.
However, if you want extra security for your Samsung Galaxy S22, you can always install one of the best Android antivirus apps that can detect malware online and make sure it doesn't infect your smartphone.
